fix svace issue 15/140115/9
authorjkjo92 <jkjo92@samsung.com>
Mon, 24 Jul 2017 02:33:56 +0000 (11:33 +0900)
committerjkjo92 <jkjo92@samsung.com>
Tue, 25 Jul 2017 10:39:38 +0000 (19:39 +0900)
Change-Id: Iaa019d2de998d7432d75d3b2e804453539adb12c
Signed-off-by: jkjo92 <jkjo92@samsung.com>
common/fido_b64_util.c [changed mode: 0644->0755]
common/fido_json_handler.c
common/fido_tlv_util.c [changed mode: 0644->0755]
server/fido_app_id_handler.c
server/fido_privilege_checker.c [changed mode: 0644->0755]
server/fido_server.c

old mode 100644 (file)
new mode 100755 (executable)
index 32f8100..cbb4141
@@ -128,6 +128,8 @@ _fido_b64url_decode(const unsigned char *in,  int inlen, unsigned char *out, int
        if (bmem)
                BIO_free_all(bmem);
 
+       SAFE_DELETE(base64);
+
        _INFO("_fido_b64url_decode end");
 
        return 0;
index 1022dc8..eb80c0b 100755 (executable)
@@ -2406,7 +2406,7 @@ _uaf_composer_compose_dereg_request(_response_t *uaf_res)
        json_builder_add_string_value(header_root, uaf_res->header->app_id);
 
        json_builder_set_member_name(header_root, _JSON_KEY_OP);
-       json_builder_add_string_value(header_root, strdup(_UAF_OPERATION_NAME_KEY_DE_REG));
+       json_builder_add_string_value(header_root, _UAF_OPERATION_NAME_KEY_DE_REG);
 
        json_builder_set_member_name(header_root, _JSON_KEY_SERVER_DATA);
        json_builder_add_string_value(header_root, uaf_res->header->server_data);
@@ -2487,7 +2487,7 @@ _uaf_composer_compose_dereg_request(_response_t *uaf_res)
                                json_builder_add_string_value(obj, (char *)key_id_enc);
                                _INFO("keyid=[%s]", key_id_enc);
                        }
-
+                       SAFE_DELETE(key_id_enc);
                }
 
                _INFO("after assertions");
old mode 100644 (file)
new mode 100755 (executable)
index 6b39c4d..ced34e0
@@ -87,7 +87,11 @@ _tlv_util_decode_reg_assertion(char *tlv_enc)
        unsigned char *tlv_dec = calloc(1, tlv_dec_len);
 
        int r = _fido_b64url_decode((unsigned char *)tlv_enc, in_len, tlv_dec, &tlv_dec_len);
-       RET_IF_FAIL(r == 0, NULL);
+
+       if (r !=0) {
+               SAFE_DELETE(tlv_dec);
+               return NULL;
+       }
 
        _INFO("in len = [%d], decoded len = [%d]", in_len, tlv_dec_len);
 
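Review bot: The result of `calloc(1, tlv_dec_len)` is passed straight to `_fido_b64url_decode` without a NULL check, so an allocation failure reaches the decoder with a null output buffer; the new error path frees `tlv_dec` but nothing guards its creation. Adding `RET_IF_FAIL(tlv_dec != NULL, NULL);` directly after the allocation would cover it. The input here is an encoded registration assertion, and `in_len` and `tlv_dec_len` are computed above the hunk, so whether the output size is bounded for oversized input cannot be confirmed from these lines. Minor style point: `r !=0` should be written `r != 0`.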
index 9f4c50a..6c46409 100755 (executable)
@@ -585,7 +585,7 @@ _verify_and_get_facet_id(const char *uaf_app_id, GDBusMethodInvocation *invocati
        cb_data->user_data = user_data;
 
        /*Case 1: UAF JSON does not have appID, so no check is required, put facetid*/
-       if (uaf_app_id == NULL) {
+       if ((uaf_app_id == NULL) || (!strcmp(uaf_app_id, ""))) {
                _DBG("UAF msg does not have appID");
                cb_data->real_app_id = __get_tz_facet_id_of_caller(app_id, invocation);
                g_timeout_add(2, __timer_expired, cb_data);
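Review bot: The comment and the `_DBG` message on this branch still describe only a missing appID, while the new condition also sends an empty string down the path that, according to that comment, needs no check and substitutes the caller's facet ID. Because this branch decides whether an appID check happens at all, the comment should state both cases, for example `/* Case 1: appID is absent or empty, so no check is done and the caller's facet ID is used */`. `uaf_app_id[0] == '\0'` would express the empty test more directly than `!strcmp(uaf_app_id, "")`. The function body continues outside the hunk.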
old mode 100644 (file)
new mode 100755 (executable)
index 59a9633..cbbe15f
@@ -95,9 +95,9 @@ __check_privilege_by_cynara(const char *client, const char *session, const char
        }
 
        return FIDO_ERROR_NONE;
-#endif
-
+#else
        return FIDO_ERROR_NONE;
+#endif
 }
 
 static int
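Review bot: The `#else` branch returns `FIDO_ERROR_NONE` unconditionally, so in a build where the guarded code is compiled out every caller passes `__check_privilege_by_cynara`, and nothing at this site says that is intended. A comment on the branch would make the decision reviewable, e.g. `#else /* privilege check compiled out: all callers are accepted */`, and the `#endif` could name the macro it closes. The matching `#if`/`#ifdef` is above the hunk, so the condition that disables the check is not visible here.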
index 6aee642..51b6ae8 100755 (executable)
@@ -726,10 +726,10 @@ _ui_response_callback(int error_code, _ui_auth_data_t *selected_auth_data, void
        match_data->auth_index = selected_auth_data->auth_index;
        match_data->asm_id = strdup(selected_auth_data->asm_id);
 
-       if (cb_data->type == _PROCESS_TYPE_REG)
+       if ((cb_data != NULL) && (cb_data->type == _PROCESS_TYPE_REG))
                __handle_reg(cb_data, match_data);
 
-       if (cb_data->type == _PROCESS_TYPE_AUTH)
+       if ((cb_data != NULL) && (cb_data->type == _PROCESS_TYPE_AUTH))
                __handle_auth(cb_data, match_data);
 
        _free_matched_auth_data(match_data);
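Review bot: `cb_data` is tested for NULL separately in each `if`, and when it is NULL the visible code calls neither handler, logs nothing and goes on to free `match_data`. A single guard where `cb_data` is first obtained would be clearer and would also cover any dereference above the hunk, which cannot be checked from here; within the hunk, `if (cb_data == NULL) _DBG("cb_data is NULL");` before the two tests would at least make the skipped request visible. The same duplicated test appears in the `_discover_response_cb_for_process` hunk. Separately, the result of `strdup(selected_auth_data->asm_id)` is stored without being checked.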
@@ -1196,14 +1196,15 @@ _discover_response_cb_for_process(int tz_error_code, int error_code, GList *avai
                }
        } else {
                GList *allowed_auth_list_iter = allowed_auth_list;
-               _matched_auth_data_t *match_data = (_matched_auth_data_t *)(allowed_auth_list_iter->data);
-
-               if (cb_data->type == _PROCESS_TYPE_REG)
-                       __handle_reg(cb_data, match_data);
+               if (allowed_auth_list_iter != NULL) {
+                       _matched_auth_data_t *match_data = (_matched_auth_data_t *)(allowed_auth_list_iter->data);
 
-               else if (cb_data->type == _PROCESS_TYPE_AUTH)
-                       __handle_auth(cb_data, match_data);
+                       if ((cb_data != NULL) && (cb_data->type == _PROCESS_TYPE_REG))
+                               __handle_reg(cb_data, match_data);
 
+                       if ((cb_data != NULL) && (cb_data->type == _PROCESS_TYPE_AUTH))
+                               __handle_auth(cb_data, match_data);
+               }
        }
        if (allowed_auth_list != NULL)
                g_list_free_full(allowed_auth_list, _free_matched_auth_data);
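Review bot: Replacing `else if` with a second independent `if` means `cb_data->type` is read again after `__handle_reg(cb_data, match_data)` has returned; if that handler releases or reuses `cb_data` (its body is not visible here), the second test reads memory that is no longer valid. The two process types are mutually exclusive, so keeping `else if ((cb_data != NULL) && (cb_data->type == _PROCESS_TYPE_AUTH))` preserves the original single-dispatch behaviour. The `_ui_response_callback` hunk has the same two-`if` shape, which predates this commit. Also, when `allowed_auth_list_iter` is NULL the new block is skipped silently, and whether the requester still receives a reply on that path depends on code outside the hunk.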