Fix issues reported by SVACE tool in Security module

Change-Id: I04966f191eb8d0c1a11c7b51b9f209688874a047
Signed-off-by: Andrii Shtompel <a.shtompel@samsung.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/5303
Tested-by: jenkins-iotivity <jenkins-iotivity@opendaylight.org>
Reviewed-by: Randeep Singh <randeep.s@samsung.com>

diff --git a/resource/csdk/security/src/credresource.c b/resource/csdk/security/src/credresource.c
index 35663d1..ac172f7 100644 (file)
--- a/resource/csdk/security/src/credresource.c
+++ b/resource/csdk/security/src/credresource.c
@@ -375,7 +375,7 @@ OicSecCred_t * JSONToCredBin(const char * jsonStr)
             jsonObj = cJSON_GetObjectItem(jsonCred, OIC_JSON_OWNERS_NAME);
             VERIFY_NON_NULL(TAG, jsonObj, ERROR);
             VERIFY_SUCCESS(TAG, cJSON_Array == jsonObj->type, ERROR);
-            cred->ownersLen = cJSON_GetArraySize(jsonObj);
+            cred->ownersLen = (size_t)cJSON_GetArraySize(jsonObj);
             VERIFY_SUCCESS(TAG, cred->ownersLen > 0, ERROR);
             cred->owners = (OicUuid_t*)OICCalloc(cred->ownersLen, sizeof(OicUuid_t));
             VERIFY_NON_NULL(TAG, (cred->owners), ERROR);
@@ -1188,18 +1188,20 @@ static OCStackResult GetCAPublicKeyData(CADtlsX509Creds_t *credInfo){
 static OCStackResult GetCertCredPublicData(CADtlsX509Creds_t *credInfo, OicSecCred_t *cred)
 {
     OCStackResult ret = OC_STACK_ERROR;
+    cJSON *jsonRoot = NULL;
+
     VERIFY_NON_NULL(TAG, credInfo, ERROR);
     VERIFY_NON_NULL(TAG, cred, ERROR);
     VERIFY_NON_NULL(TAG, cred->publicData.data, ERROR);
     //VERIFY_SUCCESS(TAG, NULL == credInfo->certificateChain.data, ERROR);
-    cJSON *jsonRoot = cJSON_Parse(cred->publicData.data);
+    jsonRoot = cJSON_Parse(cred->publicData.data);
     VERIFY_NON_NULL(TAG, jsonRoot, ERROR);
 
     //Get certificate chain
     cJSON *jsonObj = cJSON_GetObjectItem(jsonRoot, CERTIFICATE);//TODO define field names constants
     VERIFY_SUCCESS(TAG, NULL != jsonObj && cJSON_Array == jsonObj->type, ERROR);
 
-    size_t certChainLen = cJSON_GetArraySize(jsonObj);
+    size_t certChainLen = (size_t)cJSON_GetArraySize(jsonObj);
     credInfo->chainLen = certChainLen;
     VERIFY_SUCCESS(TAG, MAX_CHAIN_LEN >= certChainLen, ERROR);
 
@@ -1207,6 +1209,7 @@ static OCStackResult GetCertCredPublicData(CADtlsX509Creds_t *credInfo, OicSecCr
     for (size_t i = 0; i < certChainLen; ++i)
     {
         cJSON *item = cJSON_GetArrayItem(jsonObj, i);
+        VERIFY_NON_NULL(TAG, item, ERROR);
         VERIFY_SUCCESS(TAG, cJSON_String == item->type, ERROR);
         uint32_t appendedLen = appendCert2Chain(credInfo->certificateChain + len, item->valuestring,
                                               MAX_CERT_MESSAGE_LEN - len);
@@ -1224,10 +1227,11 @@ exit:
 static OCStackResult GetCertCredPrivateData(CADtlsX509Creds_t *credInfo, OicSecCred_t *cred)
 {
     OCStackResult ret = OC_STACK_ERROR;
+    cJSON *jsonRoot = NULL;
     VERIFY_NON_NULL(TAG, credInfo, ERROR);
     VERIFY_NON_NULL(TAG, cred, ERROR);
     VERIFY_NON_NULL(TAG, cred->privateData.data, ERROR);
-    cJSON *jsonRoot = cJSON_Parse(cred->privateData.data);
+    jsonRoot = cJSON_Parse(cred->privateData.data);
     VERIFY_NON_NULL(TAG, jsonRoot, ERROR);
 
     cJSON *jsonObj = cJSON_GetObjectItem(jsonRoot, PRIVATE_KEY);//TODO define field names constants

diff --git a/resource/csdk/security/src/crlresource.c b/resource/csdk/security/src/crlresource.c
index 55dd52d..9255508 100644 (file)
--- a/resource/csdk/security/src/crlresource.c
+++ b/resource/csdk/security/src/crlresource.c
@@ -93,7 +93,7 @@ char *BinToCrlJSON(const OicSecCrl_t *crl)
 
     //ThisUpdate -- Mandatory
     outLen = 0;
-    base64CRLLen = B64ENCODE_OUT_SAFESIZE(crl->ThisUpdate.len);
+    base64CRLLen = (uint32_t)B64ENCODE_OUT_SAFESIZE(crl->ThisUpdate.len);
     base64Buff = OICMalloc(base64CRLLen);
     b64Ret = b64Encode(crl->ThisUpdate.data, crl->ThisUpdate.len, base64Buff,
              base64CRLLen, &outLen);
@@ -103,7 +103,7 @@ char *BinToCrlJSON(const OicSecCrl_t *crl)
 
     //CRLData -- Mandatory
     outLen = 0;
-    base64CRLLen = B64ENCODE_OUT_SAFESIZE(crl->CrlData.len);
+    base64CRLLen = (uint32_t)B64ENCODE_OUT_SAFESIZE(crl->CrlData.len);
     base64Buff = OICMalloc(base64CRLLen);
     b64Ret = b64Encode(crl->CrlData.data, crl->CrlData.len, base64Buff,
              base64CRLLen, &outLen);
@@ -186,7 +186,7 @@ OicSecCrl_t *JSONToCrlBin(const char * jsonStr)
     else // PUT/POST JSON will not have ThisUpdate so set it to the gCRList->ThisUpdate
     {
         VERIFY_NON_NULL(TAG, gCrl, ERROR);
-        outLen = gCrl->ThisUpdate.len;
+        outLen = (uint32_t)gCrl->ThisUpdate.len;
         crl->ThisUpdate.data = OICMalloc(outLen + 1);
         memcpy(crl->ThisUpdate.data, gCrl->ThisUpdate.data, outLen);
         crl->ThisUpdate.len = outLen;
@@ -220,7 +220,7 @@ OicSecCrl_t *JSONToCrlBin(const char * jsonStr)
     else // PUT/POST JSON will not have CRLData so set it to the gCRList->CRLData
     {
         VERIFY_NON_NULL(TAG, gCrl, ERROR);
-        outLen = gCrl->CrlData.len;
+        outLen = (uint32_t)gCrl->CrlData.len;
         crl->CrlData.data = OICMalloc(outLen + 1);
         memcpy(crl->CrlData.data, gCrl->CrlData.data, outLen);
         crl->CrlData.len = outLen;
@@ -278,10 +278,7 @@ static OCEntityHandlerResult HandleCRLPostRequest(const OCEntityHandlerRequest *
         cJSON *jsonObj = cJSON_Parse(jsonCRL);
         OicSecCrl_t *crl = NULL;
         crl = JSONToCrlBin(jsonCRL);
-        if (!crl)
-        {
-            OIC_LOG(ERROR, TAG, "Error JSONToCrlBin");
-        }
+        VERIFY_NON_NULL(TAG, crl, ERROR);
 
         gCrl->CrlId = crl->CrlId;
 
@@ -304,8 +301,9 @@ static OCEntityHandlerResult HandleCRLPostRequest(const OCEntityHandlerRequest *
         }
 
         DeleteCrlBinData(crl);
-        cJSON_Delete(jsonObj);
 
+        exit:
+        cJSON_Delete(jsonObj);
     }
 
     // Send payload to request originator