Merge branch 'riebl:master' into windows_build

tools/fuzz-harness/compile.sh

@@ -1,4 +1,5 @@
-#!/bin/bash -eu
+#!/bin/bash
+set -eu
 
 if [[ ! -d "/AFLplusplus" ]] ; then
     echo "This script shall be run inside the AFL++ container"

tools/fuzz-harness/docker.sh

@@ -1,4 +1,5 @@
-#!/bin/bash -eu
+#!/bin/bash
+set -eu
 HARNESS_DIR=$(realpath $(dirname $0))
 SOURCE_DIR=$HARNESS_DIR/../..
 
@@ -12,4 +13,4 @@ docker run --rm -it \
     -v$HARNESS_DIR/input:/input:ro \
     -v$HARNESS_DIR/output:/output \
     -e HOST_USER_ID=$(id -u) -e HOST_GROUP_ID=$(id -g) \
-    $IMAGE
+    $IMAGE

tools/fuzz-harness/fuzz.sh

@@ -1,4 +1,5 @@
-#!/bin/bash -eu
+#!/bin/bash
+set -eu
 : ${FUZZ_INPUT:="$HOME/input"}
 : ${FUZZ_OUTPUT:="$HOME/output"}
 : ${FUZZ_BUILD:="$HOME/build"}

vanetza/geonet/mib.hpp

@@ -40,7 +40,8 @@ enum class AddrConfMethod {
 
 enum class InterfaceType {
     Unspecified = 0,
-    ITS_G5 = 1
+    ITS_G5 = 1,
+    LTE_V2X = 2
 };
 
 enum class SecurityDecapHandling {

vanetza/geonet/router.cpp

@@ -649,6 +649,7 @@ void Router::execute_media_procedures(CommunicationProfile com_profile)
             execute_itsg5_procedures();
             break;
         case CommunicationProfile::Unspecified:
+        case CommunicationProfile::LTE_V2X:
             // do nothing
             break;
         default:

vanetza/security/straight_verify_service.cpp

@@ -469,17 +469,20 @@ VerifyConfirm StraightVerifyService::verify(const v3::SecuredMessage& msg)
     }
 
     const v3::asn1::Certificate* certificate = boost::apply_visitor(certificate_lookup_visitor, signer_identifier);
-    if (!certificate && maybe_digest) {
-        if (msg.its_aid() == aid::CA && m_context_v3.m_sign_policy) {
+    if (!certificate) {
+        if (msg.its_aid() == aid::CA && m_context_v3.m_sign_policy && maybe_digest) {
             // for received CAMs (having digest as signer identifier) with unknown AT we request the full AT certificate
             m_context_v3.m_sign_policy->request_unrecognized_certificate(*maybe_digest);
         }
         confirm.report = VerificationReport::Signer_Certificate_Not_Found;
         return confirm;
     }
 
+    // code below can safely dereference certificate
+    assert(certificate != nullptr);
+
     // check AT certificate's validity
-    if (certificate && m_context_v3.m_cert_validator) {
+    if (m_context_v3.m_cert_validator) {
         auto verdict = m_context_v3.m_cert_validator->valid_for_signing(v3::CertificateView { certificate }, msg.its_aid());
         if (verdict != v3::CertificateValidator::Verdict::Valid) {
             confirm.report = VerificationReport::Invalid_Certificate;
@@ -538,7 +541,7 @@ VerifyConfirm StraightVerifyService::verify(const v3::SecuredMessage& msg)
         }
 
         // update certificate cache with received certificate
-        if (certificate && v3::contains_certificate(signer_identifier)) {
+        if (v3::contains_certificate(signer_identifier)) {
             cache.store(v3::Certificate { *certificate });
         }
     }

vanetza/security/v3/secured_message.cpp

@@ -338,6 +338,9 @@ PacketVariant SecuredMessage::payload() const
         case Vanetza_Security_Ieee1609Dot2Content_PR_signedData:
             buffer = get_payload(m_struct->content->choice.signedData);
             break;
+        default:
+            // empty buffer as fallback
+            break;
     }
 
     return CohesivePacket { std::move(buffer), OsiLayer::Network };
@@ -352,6 +355,9 @@ void SecuredMessage::set_payload(const ByteBuffer& payload)
         case Vanetza_Security_Ieee1609Dot2Content_PR_signedData:
             vanetza::security::v3::set_payload(&m_struct->content->choice.signedData->tbsData->payload->data->content->choice.unsecuredData, payload);
             break;
+        default:
+          // cannot copy payload into secured message
+          break;
     }
 }