From be2b361b35e034160ce331b7035a76ac2a8a7b5f Mon Sep 17 00:00:00 2001
From: Michael Scott <mike@foundries.io>
Date: Mon, 27 Aug 2018 13:57:23 -0700
Subject: [PATCH] net: lwm2m: check for read permission on observe

When processing an observe request we fail to check whether a
resource has the read permission set.  Let's check and if it
doesn't return -EPERM.

NOTE: Also do diligence and return -ENOENT when an object field
cannot be found while looking for the permission.

Fixes https://github.com/zephyrproject-rtos/zephyr/issues/8286

Signed-off-by: Michael Scott <mike@foundries.io>
---
 subsys/net/lib/lwm2m/lwm2m_engine.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/subsys/net/lib/lwm2m/lwm2m_engine.c b/subsys/net/lib/lwm2m/lwm2m_engine.c
index bdf194acbd3..1bad30d7e7d 100644
--- a/subsys/net/lib/lwm2m/lwm2m_engine.c
+++ b/subsys/net/lib/lwm2m/lwm2m_engine.c
@@ -413,6 +413,7 @@ static int engine_add_observer(struct lwm2m_message *msg,
 			       u16_t format)
 {
 	struct lwm2m_engine_obj *obj = NULL;
+	struct lwm2m_engine_obj_field *obj_field = NULL;
 	struct lwm2m_engine_obj_inst *obj_inst = NULL;
 	struct observe_node *obs;
 	struct sockaddr *addr;
@@ -502,6 +503,21 @@ static int engine_add_observer(struct lwm2m_message *msg,
 			return -ENOENT;
 		}
 
+		/* load object field data */
+		obj_field = lwm2m_get_engine_obj_field(obj,
+				obj_inst->resources[i].res_id);
+		if (!obj_field) {
+			SYS_LOG_ERR("unable to find obj_field: %u/%u/%u",
+				    path->obj_id, path->obj_inst_id,
+				    path->res_id);
+			return -ENOENT;
+		}
+
+		/* check for READ permission on matching resource */
+		if (!LWM2M_HAS_PERM(obj_field, LWM2M_PERM_R)) {
+			return -EPERM;
+		}
+
 		ret = update_attrs(&obj_inst->resources[i], &attrs);
 		if (ret < 0) {
 			return ret;