issue in OwnerUuidUpdateHandler

Fix possible crash in OwnerUuidUpdateHandler() API

https://github.sec.samsung.net/RS7-IOTIVITY/IoTivity/pull/682
(cherry-picked from 0132766ed5abdc8252f5ebbdd20583af0b203eda)

Change-Id: Iee6f14b176b52b72fb55e2d9b22ed11d9bc70492
Signed-off-by: Vitalii Irkha <v.irkha@samsung.com>
Signed-off-by: Sudipto <sudipto.bal@samsung.com>

diff --git a/resource/csdk/security/provisioning/src/ownershiptransfermanager.c b/resource/csdk/security/provisioning/src/ownershiptransfermanager.c
index 4a9021a..bdd25fc 100644 (file)
--- a/resource/csdk/security/provisioning/src/ownershiptransfermanager.c
+++ b/resource/csdk/security/provisioning/src/ownershiptransfermanager.c
@@ -1067,69 +1067,68 @@ static OCStackApplicationResult OwnerUuidUpdateHandler(void *ctx, OCDoHandle UNU
     OTMContext_t* otmCtx = (OTMContext_t*)ctx;
     otmCtx->ocDoHandle = NULL;
 
-    if(OC_STACK_RESOURCE_CHANGED == clientResponse->result)
+    if(otmCtx && otmCtx->selectedDeviceInfo)
     {
-        if(otmCtx && otmCtx->selectedDeviceInfo)
+        if(OC_STACK_RESOURCE_CHANGED == clientResponse->result)
         {
-            //In case of Mutual Verified Just-Works, wait for user confirmation
-            if (OIC_MV_JUST_WORKS == otmCtx->selectedDeviceInfo->doxm->oxmSel)
-            {
-                res = VerifyOwnershipTransfer(NULL, USER_CONFIRM);
-                if (OC_STACK_OK != res)
+                //In case of Mutual Verified Just-Works, wait for user confirmation
+                if (OIC_MV_JUST_WORKS == otmCtx->selectedDeviceInfo->doxm->oxmSel)
                 {
-                    if (OC_STACK_OK != SRPResetDevice(otmCtx->selectedDeviceInfo, deleteCallback))
+                    res = VerifyOwnershipTransfer(NULL, USER_CONFIRM);
+                    if (OC_STACK_OK != res)
                     {
-                        OIC_LOG(WARNING, TAG, "OwnerUuidUpdateHandler : SRPResetDevice error");
+                        if (OC_STACK_OK != SRPResetDevice(otmCtx->selectedDeviceInfo, deleteCallback))
+                        {
+                            OIC_LOG(WARNING, TAG, "OwnerUuidUpdateHandler : SRPResetDevice error");
+                        }
+                        OIC_LOG(ERROR, TAG, "OwnerUuidUpdateHandler:Failed to verify user confirm");
+                        SetResult(otmCtx, res);
+                        return OC_STACK_DELETE_TRANSACTION;
                     }
-                    OIC_LOG(ERROR, TAG, "OwnerUuidUpdateHandler:Failed to verify user confirm");
+                }
+
+                res = SaveOwnerPSK(otmCtx->selectedDeviceInfo);
+                if(OC_STACK_OK != res)
+                {
+                    OIC_LOG(ERROR, TAG, "OwnerUuidUpdateHandler:Failed to owner PSK generation");
                     SetResult(otmCtx, res);
                     return OC_STACK_DELETE_TRANSACTION;
                 }
-            }
 
-            res = SaveOwnerPSK(otmCtx->selectedDeviceInfo);
-            if(OC_STACK_OK != res)
+                //POST owner credential to new device according to security spec B.
+                res = PostOwnerCredential(otmCtx);
+                if(OC_STACK_OK != res)
+                {
+                    OIC_LOG(ERROR, TAG,
+                            "OwnerUuidUpdateHandler:Failed to send PosT request for onwer credential");
+                    SetResult(otmCtx, res);
+                    return OC_STACK_DELETE_TRANSACTION;
+                }
+        }
+        else
+        {
+            if (((OIC_MANUFACTURER_CERTIFICATE == otmCtx->selectedDeviceInfo->doxm->oxmSel) ||
+                (OIC_CON_MFG_CERT == otmCtx->selectedDeviceInfo->doxm->oxmSel)) &&
+                        OC_STACK_NOT_ACCEPTABLE == clientResponse->result)
             {
-                OIC_LOG(ERROR, TAG, "OwnerUuidUpdateHandler:Failed to owner PSK generation");
-                SetResult(otmCtx, res);
-                return OC_STACK_DELETE_TRANSACTION;
+                res = OC_STACK_USER_DENIED_REQ;
+                OIC_LOG_V(ERROR, TAG,
+                        "OwnerUuidUpdateHandler : Denied Request(%d)", res);
             }
-
-            //POST owner credential to new device according to security spec B.
-            res = PostOwnerCredential(otmCtx);
-            if(OC_STACK_OK != res)
+            else if (OC_STACK_GATEWAY_TIMEOUT == clientResponse->result)
             {
-                OIC_LOG(ERROR, TAG,
-                        "OwnerUuidUpdateHandler:Failed to send PosT request for onwer credential");
-                SetResult(otmCtx, res);
-                return OC_STACK_DELETE_TRANSACTION;
+                res = clientResponse->result;
+                OIC_LOG_V(ERROR, TAG,
+                        "OwnerUuidUpdateHandler : Timeout:No Response Received(%d)", res);
             }
+            else
+            {
+                res = clientResponse->result;
+                OIC_LOG_V(ERROR, TAG, "OwnerUuidUpdateHandler : Unexpected result(%d)", res);
+            }
+            SetResult(otmCtx, res);
         }
     }
-    else
-    {
-        if (((OIC_MANUFACTURER_CERTIFICATE == otmCtx->selectedDeviceInfo->doxm->oxmSel) ||
-            (OIC_CON_MFG_CERT == otmCtx->selectedDeviceInfo->doxm->oxmSel)) &&
-                    OC_STACK_NOT_ACCEPTABLE == clientResponse->result)
-        {
-            res = OC_STACK_USER_DENIED_REQ;
-            OIC_LOG_V(ERROR, TAG,
-                    "OwnerUuidUpdateHandler : Denied Request(%d)", res);
-        }
-        else if (OC_STACK_GATEWAY_TIMEOUT == clientResponse->result)
-        {
-            res = clientResponse->result;
-            OIC_LOG_V(ERROR, TAG,
-                    "OwnerUuidUpdateHandler : Timeout:No Response Received(%d)", res);
-        }
-        else
-        {
-            res = clientResponse->result;
-            OIC_LOG_V(ERROR, TAG, "OwnerUuidUpdateHandler : Unexpected result(%d)", res);
-        }
-        SetResult(otmCtx, res);
-    }
-
     OIC_LOG(DEBUG, TAG, "OUT OwnerUuidUpdateHandler");
 
 exit: