[CONPRO-1561] Crash in memcpy

[platform/upstream/iotivity.git] / resource / csdk / connectivity / common / src / caremotehandler.c

diff --git a/resource/csdk/connectivity/common/src/caremotehandler.c b/resource/csdk/connectivity/common/src/caremotehandler.c
index a39b7d4..638c04f 100644 (file)
--- a/resource/csdk/connectivity/common/src/caremotehandler.c
+++ b/resource/csdk/connectivity/common/src/caremotehandler.c
@@ -55,6 +55,20 @@ CARequestInfo_t *CACloneRequestInfo(const CARequestInfo_t *rep)
         return NULL;
     }
 
+    // check the method type of request info.
+    // Keep this check in sync with CAMethod_t
+    switch (rep->method)
+    {
+        case CA_GET:
+        case CA_POST:
+        case CA_PUT:
+        case CA_DELETE:
+            break;
+        default:
+            OIC_LOG_V(ERROR, TAG, "Method %u is invalid", rep->method);
+            return NULL;
+    }
+
     // allocate the request info structure.
     CARequestInfo_t *clone = (CARequestInfo_t *) OICMalloc(sizeof(CARequestInfo_t));
     if (!clone)
@@ -101,11 +115,17 @@ CAResponseInfo_t *CACloneResponseInfo(const CAResponseInfo_t *rep)
         case CA_BAD_OPT:
         case CA_FORBIDDEN_REQ:
         case CA_NOT_FOUND:
+        case CA_METHOD_NOT_ALLOWED:
         case CA_NOT_ACCEPTABLE:
         case CA_REQUEST_ENTITY_INCOMPLETE:
         case CA_REQUEST_ENTITY_TOO_LARGE:
+        case CA_TOO_MANY_REQUESTS:
         case CA_INTERNAL_SERVER_ERROR:
+        case CA_NOT_IMPLEMENTED:
+        case CA_BAD_GATEWAY:
+        case CA_SERVICE_UNAVAILABLE:
         case CA_RETRANSMIT_TIMEOUT:
+        case CA_PROXY_NOT_SUPPORTED:
             break;
         default:
             OIC_LOG_V(ERROR, TAG, "Response code  %u is invalid", rep->result);
@@ -164,6 +184,11 @@ void CAFreeEndpoint(CAEndpoint_t *rep)
 
 static void CADestroyInfoInternal(CAInfo_t *info)
 {
+    if (NULL == info)
+    {
+        return;
+    }
+
     // free token field
     OICFree(info->token);
     info->token = NULL;
@@ -233,16 +258,14 @@ CAResult_t CACloneInfo(const CAInfo_t *info, CAInfo_t *clone)
     //Do not free clone. we cannot declare it const, as the content is modified
     if ((info->token) && (0 < info->tokenLength))
     {
-        char *temp = NULL;
-
         // allocate token field
         uint8_t len = info->tokenLength;
 
-        temp = (char *) OICMalloc(len * sizeof(char));
+        char *temp = (char *) OICCalloc(1, (len + 1) * sizeof(char));
         if (!temp)
         {
             OIC_LOG(ERROR, TAG, "CACloneInfo Out of memory");
-            return CA_MEMORY_ALLOC_FAILED;
+            goto exit;
         }
 
         memcpy(temp, info->token, len);
@@ -260,13 +283,14 @@ CAResult_t CACloneInfo(const CAInfo_t *info, CAInfo_t *clone)
         if (!clone->options)
         {
             OIC_LOG(ERROR, TAG, "CACloneInfo Out of memory");
-            CADestroyInfoInternal(clone);
-            return CA_MEMORY_ALLOC_FAILED;
+            goto exit;
         }
         memcpy(clone->options, info->options, sizeof(CAHeaderOption_t) * info->numOptions);
         clone->numOptions = info->numOptions;
     }
 
+    memcpy(&(clone->identity), &(info->identity), sizeof(info->identity));
+
     if ((info->payload) && (0 < info->payloadSize))
     {
         // allocate payload field
@@ -274,8 +298,7 @@ CAResult_t CACloneInfo(const CAInfo_t *info, CAInfo_t *clone)
         if (!temp)
         {
             OIC_LOG(ERROR, TAG, "CACloneInfo Out of memory");
-            CADestroyInfoInternal(clone);
-            return CA_MEMORY_ALLOC_FAILED;
+            goto exit;
         }
         memcpy(temp, info->payload, info->payloadSize);
 
@@ -293,8 +316,7 @@ CAResult_t CACloneInfo(const CAInfo_t *info, CAInfo_t *clone)
         if (!temp)
         {
             OIC_LOG(ERROR, TAG, "CACloneInfo Out of memory");
-            CADestroyInfoInternal(clone);
-            return CA_MEMORY_ALLOC_FAILED;
+            goto exit;
         }
 
         // save the resourceUri
@@ -310,4 +332,7 @@ CAResult_t CACloneInfo(const CAInfo_t *info, CAInfo_t *clone)
 
     return CA_STATUS_OK;
 
+exit:
+    CADestroyInfoInternal(clone);
+    return CA_MEMORY_ALLOC_FAILED;
 }