From 3a33015fc94e45a6cc8522dcc73db79b088c12ae Mon Sep 17 00:00:00 2001
From: Miguel Company <miguelcompany@eprosima.com>
Date: Fri, 22 Nov 2024 13:27:18 +0100
Subject: [PATCH 1/3] Refs #19927. Add unit test.

Signed-off-by: Miguel Company <miguelcompany@eprosima.com>
---
 .../builtin/BuiltinDataSerializationTests.cpp | 65 +++++++++++++++++++
 1 file changed, 65 insertions(+)

diff --git a/test/unittest/rtps/builtin/BuiltinDataSerializationTests.cpp b/test/unittest/rtps/builtin/BuiltinDataSerializationTests.cpp
index 16602d2f3e8..3dcd144c2dc 100644
--- a/test/unittest/rtps/builtin/BuiltinDataSerializationTests.cpp
+++ b/test/unittest/rtps/builtin/BuiltinDataSerializationTests.cpp
@@ -2474,6 +2474,71 @@ TEST(BuiltinDataSerializationTests, deserialization_of_big_parameters)
     }
 }
 
+/*!
+ * This is a regression test for redmine issue #19927
+ *
+ * It checks that proxy data for readers and writers can only be updated if the security attributes are equal.
+ */
+TEST(BuiltinDataSerializationTests, security_attributes_update)
+{
+    // Only if security is enabled
+#if HAVE_SECURITY
+
+    // Test for ReaderProxyData
+    {
+        ReaderProxyData original(max_unicast_locators, max_multicast_locators);
+        original.security_attributes_ = 0x01;
+        original.plugin_security_attributes_ = 0x02;
+
+        ReaderProxyData updated(original);
+        EXPECT_TRUE(original.is_update_allowed(updated));
+
+        updated.security_attributes_ = original.security_attributes_ + 10;
+        updated.plugin_security_attributes_ = original.plugin_security_attributes_;
+        EXPECT_FALSE(original.is_update_allowed(updated));
+
+        updated.security_attributes_ = original.security_attributes_;
+        updated.plugin_security_attributes_ = original.plugin_security_attributes_ + 10;
+        EXPECT_FALSE(original.is_update_allowed(updated));
+
+        updated.security_attributes_ = original.plugin_security_attributes_;
+        updated.plugin_security_attributes_ = original.plugin_security_attributes_;
+        EXPECT_FALSE(original.is_update_allowed(updated));
+
+        updated.security_attributes_ = original.security_attributes_;
+        updated.plugin_security_attributes_ = original.security_attributes_;
+        EXPECT_FALSE(original.is_update_allowed(updated));
+    }
+
+    // Test for WriterProxyData
+    {
+        WriterProxyData original(max_unicast_locators, max_multicast_locators);
+        original.security_attributes_ = 0x01;
+        original.plugin_security_attributes_ = 0x02;
+
+        WriterProxyData updated(original);
+        EXPECT_TRUE(original.is_update_allowed(updated));
+
+        updated.security_attributes_ = original.security_attributes_ + 10;
+        updated.plugin_security_attributes_ = original.plugin_security_attributes_;
+        EXPECT_FALSE(original.is_update_allowed(updated));
+
+        updated.security_attributes_ = original.security_attributes_;
+        updated.plugin_security_attributes_ = original.plugin_security_attributes_ + 10;
+        EXPECT_FALSE(original.is_update_allowed(updated));
+
+        updated.security_attributes_ = original.plugin_security_attributes_;
+        updated.plugin_security_attributes_ = original.plugin_security_attributes_;
+        EXPECT_FALSE(original.is_update_allowed(updated));
+
+        updated.security_attributes_ = original.security_attributes_;
+        updated.plugin_security_attributes_ = original.security_attributes_;
+        EXPECT_FALSE(original.is_update_allowed(updated));
+    }
+
+#endif  // HAVE_SECURITY
+}
+
 } // namespace rtps
 } // namespace fastdds
 } // namespace eprosima

From d7634846d133f0973ee5501bba44311d807f12ae Mon Sep 17 00:00:00 2001
From: Miguel Company <miguelcompany@eprosima.com>
Date: Fri, 22 Nov 2024 13:08:46 +0100
Subject: [PATCH 2/3] Refs #19927. Fix issue in ReaderProxyData.

Signed-off-by: Miguel Company <miguelcompany@eprosima.com>
---
 src/cpp/rtps/builtin/data/ReaderProxyData.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/cpp/rtps/builtin/data/ReaderProxyData.cpp b/src/cpp/rtps/builtin/data/ReaderProxyData.cpp
index 7aba95c8146..e3c2f1b6d11 100644
--- a/src/cpp/rtps/builtin/data/ReaderProxyData.cpp
+++ b/src/cpp/rtps/builtin/data/ReaderProxyData.cpp
@@ -1205,7 +1205,7 @@ bool ReaderProxyData::is_update_allowed(
     if ((m_guid != rdata.m_guid) ||
 #if HAVE_SECURITY
             (security_attributes_ != rdata.security_attributes_) ||
-            (plugin_security_attributes_ != rdata.security_attributes_) ||
+            (plugin_security_attributes_ != rdata.plugin_security_attributes_) ||
 #endif // if HAVE_SECURITY
             (m_typeName != rdata.m_typeName) ||
             (m_topicName != rdata.m_topicName))

From b3fc5c5883432a018aecb9e5541105f79daf6632 Mon Sep 17 00:00:00 2001
From: Miguel Company <miguelcompany@eprosima.com>
Date: Fri, 22 Nov 2024 13:10:00 +0100
Subject: [PATCH 3/3] Refs #19927. Fix issue in WriterProxyData.

Signed-off-by: Miguel Company <miguelcompany@eprosima.com>
---
 src/cpp/rtps/builtin/data/WriterProxyData.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/cpp/rtps/builtin/data/WriterProxyData.cpp b/src/cpp/rtps/builtin/data/WriterProxyData.cpp
index 2c2d4517f25..31b1dcb14bb 100644
--- a/src/cpp/rtps/builtin/data/WriterProxyData.cpp
+++ b/src/cpp/rtps/builtin/data/WriterProxyData.cpp
@@ -1217,7 +1217,7 @@ bool WriterProxyData::is_update_allowed(
             (persistence_guid_ != wdata.persistence_guid_) ||
 #if HAVE_SECURITY
             (security_attributes_ != wdata.security_attributes_) ||
-            (plugin_security_attributes_ != wdata.security_attributes_) ||
+            (plugin_security_attributes_ != wdata.plugin_security_attributes_) ||
 #endif // if HAVE_SECURITY
             (m_typeName != wdata.m_typeName) ||
             (m_topicName != wdata.m_topicName))