From b0303f5bd37bb1af8152a6910f70fbd569724ebb Mon Sep 17 00:00:00 2001
From: Seppo Takalo <seppo.takalo@nordicsemi.no>
Date: Wed, 20 Sep 2023 13:26:41 +0300
Subject: [PATCH] net: lwm2m: Don't allow operations on security object

In spec:
The LwM2M Client MUST reject any LwM2M Server operation on
the Security Object (ID: 0) with an "4.01 Unauthorized" response
 code.

Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
---
 subsys/net/lib/lwm2m/lwm2m_message_handling.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/subsys/net/lib/lwm2m/lwm2m_message_handling.c b/subsys/net/lib/lwm2m/lwm2m_message_handling.c
index 952a3d9c130..1a7d023ceb2 100644
--- a/subsys/net/lib/lwm2m/lwm2m_message_handling.c
+++ b/subsys/net/lib/lwm2m/lwm2m_message_handling.c
@@ -2330,6 +2330,11 @@ int handle_request(struct coap_packet *request, struct lwm2m_message *msg)
 			goto error;
 		}
 #endif
+		if (msg->path.obj_id == LWM2M_OBJECT_SECURITY_ID && !msg->ctx->bootstrap_mode) {
+			r = -EACCES;
+			goto error;
+		}
+
 		switch (msg->operation) {
 
 		case LWM2M_OP_READ: