Fixed SATIZENVUL-1583 98/194298/1
authorsaerome.kim <saerome.kim@samsung.com>
Mon, 3 Dec 2018 01:11:11 +0000 (10:11 +0900)
committersaerome.kim <saerome.kim@samsung.com>
Mon, 3 Dec 2018 01:11:11 +0000 (10:11 +0900)
- Possible stack overflow - core/connectivity/mdg-manager

Change-Id: Ia2e7566ffa64bda325002d117ae9ddeccbb4d63f
Signed-off-by: saerome.kim <saerome.kim@samsung.com>
src/mdg-manager/src/mdgd_iot.cpp
src/mdg-manager/src/mdgd_util.c

index 4b178a9..abfbbd6 100644 (file)
@@ -325,6 +325,12 @@ int mdgd_iot_find_devices(char *sender, int timeout, bool is_invited)
 
                                if (g_strcmp0(readable_uuid, uuid_str) == 0) {
                                        check_invited = true;
+                               }
+                               if (readable_uuid) {
+                                       free(readable_uuid);
+                                       readable_uuid = NULL;
+                               }
+                               if (check_invited) {
                                        break;
                                }
                        }
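Review bot: When `mdgd_get_readable_uuid()` fails to allocate, `readable_uuid` is NULL at the `g_strcmp0(readable_uuid, uuid_str)` check, and g_strcmp0 treats two NULL arguments as equal. Whether `uuid_str` can be NULL is not visible in this hunk, but if it can, an out-of-memory condition would set `check_invited = true` for a device that never matched. Making the match explicit fails closed: `if (readable_uuid && g_strcmp0(readable_uuid, uuid_str) == 0) {`. The assignment of `readable_uuid` and the rest of mdgd_iot_find_devices lie outside the hunk, so any exit path between the call and this free should be checked for the same leak.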
@@ -370,13 +376,20 @@ static OCProvisionDev_t *_get_dev_by_uuid(DeviceList_t &list, OicUuid_t *target)
 
 static int _get_devid_by_uuid(DeviceList_t &list, OicUuid_t *target)
 {
+       int ret = -1;
        char *t = mdgd_get_readable_uuid(target);
        for (unsigned int i = 0; i < list.size(); i++) {
                if (0 == list[i]->getDeviceID().compare(t)) {
-                       return i;
+                       ret = i;
+                       break;
                }
        }
-       return -1;
+       if (t) {
+               free(t);
+               t = NULL;
+       }
+
+       return ret;
 }
 
 static OicUuid_t *_convert_uuid(gchar *device_id)
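Review bot: `t` can now be NULL, because mdgd_get_readable_uuid() returns NULL when calloc fails, and `list[i]->getDeviceID().compare(t)` is then called with a null pointer. Assuming getDeviceID() returns a std::string, compare(const char *) on NULL is undefined behaviour and will typically crash the daemon. Return before the loop instead: `if (!t) return -1;`. With that guard in place, the later `if (t)` around `free(t)` is no longer needed.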
@@ -418,13 +431,19 @@ static OicUuid_t *_convert_uuid(gchar *device_id)
 
 static void _mot_cb(PMResultList_t *result, int has_error)
 {
+       char *readable_uuid = NULL;
        LOG_DEBUG("Multiple Ownership Transfer Result = %d", has_error);
        for (unsigned int i = 0; result && i < result->size(); i++) {
+               readable_uuid = mdgd_get_readable_uuid(&result->at(i).deviceId);
                LOG_DEBUG("[%d] %s = [%d][%s]",
-                         i,
-                         mdgd_get_readable_uuid(&result->at(i).deviceId),
-                         result->at(i).res,
-                         mdgd_ocf_error_to_string(result->at(i).res));
+                       i,
+                       readable_uuid,
+                       result->at(i).res,
+                       mdgd_ocf_error_to_string(result->at(i).res));
+               if (readable_uuid) {
+                       free(readable_uuid);
+                       readable_uuid = NULL;
+               }
        }
 
        g_doneCB = true;
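Review bot: `readable_uuid` is passed to the `%s` conversion in LOG_DEBUG without a NULL check, although the helper now returns NULL on allocation failure. Passing a null pointer to `%s` is undefined for printf-style formatters, and how LOG_DEBUG handles it is not visible here. Substitute a literal on that path: `readable_uuid ? readable_uuid : "(null)"`. The same applies to the LOG_DEBUG call in _remove_cb in the next hunk. Declaring the pointer inside the loop body would also keep its lifetime to a single iteration, and the guard before `free()` is unnecessary because free(NULL) is a no-op.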
@@ -563,13 +582,19 @@ PV_PAIR_END:
 
 static void _remove_cb(PMResultList_t *result, int has_error)
 {
+       char *readable_uuid = NULL;
        LOG_DEBUG("Remove Device Result = %d", has_error);
        for (unsigned int i = 0; result && i < result->size(); i++) {
+               readable_uuid = mdgd_get_readable_uuid(&result->at(i).deviceId);
                LOG_DEBUG("[%d] %s = [%d][%s]",
                          i,
-                         mdgd_get_readable_uuid(&result->at(i).deviceId),
+                         readable_uuid,
                          result->at(i).res,
                          mdgd_ocf_error_to_string(result->at(i).res));
+               if (readable_uuid) {
+                       free(readable_uuid);
+                       readable_uuid = NULL;
+               }
        }
        g_doneCB = true;
 }
index 06c0104..1e0f549 100644 (file)
@@ -86,17 +86,21 @@ const char *mdgd_ocf_error_to_string(int err)
        }
 }
 
-char g_uuid_str[256] = {0};
 char *mdgd_get_readable_uuid(const OicUuid_t *uuid)
 {
-       memset(g_uuid_str, 0, sizeof(g_uuid_str));
-       snprintf(g_uuid_str, sizeof(g_uuid_str),
+       const int READABLE_UUID_LEN = UUID_LENGTH * 2 + 4 + 1;
+       char *uuid_str = calloc(READABLE_UUID_LEN, sizeof(char));
+       if (!uuid_str) {
+               LOG_ERR("Memory Allocation Failed");
+               return NULL;
+       }
+       snprintf(uuid_str, READABLE_UUID_LEN,
                 "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x",
                 (*uuid).id[0], (*uuid).id[1], (*uuid).id[2], (*uuid).id[3],
                 (*uuid).id[4], (*uuid).id[5], (*uuid).id[6], (*uuid).id[7],
                 (*uuid).id[8], (*uuid).id[9], (*uuid).id[10], (*uuid).id[11],
                 (*uuid).id[12], (*uuid).id[13], (*uuid).id[14], (*uuid).id[15]);
-       return g_uuid_str;
+       return uuid_str;
 }
 
 char *mdgd_addr2host(char *addr, int port, bool is_secure)
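Review bot: mdgd_get_readable_uuid() now returns heap memory that the caller must free, and it can return NULL, but nothing at the definition documents this new contract. Because the signature is unchanged, any caller not updated here still compiles cleanly and then leaks one buffer per call, or passes NULL onward under memory pressure. This commit only adjusts call sites in mdgd_iot.cpp, so other users of the function, if any exist, need the same treatment. Add a comment above the function such as `/* Returns a newly allocated NUL-terminated UUID string; the caller must free() it. Returns NULL on allocation failure. */`. `uuid` itself is still dereferenced without a NULL check, so `if (!uuid) return NULL;` at the top would make the failure mode uniform.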