fixed svace issue for CA
authorjihwan.seo <jihwan.seo@samsung.com>
Mon, 18 Apr 2016 08:33:12 +0000 (17:33 +0900)
committerJon A. Cruz <jon@joncruz.org>
Tue, 19 Apr 2016 05:50:44 +0000 (05:50 +0000)
- buffer overflow issue in caprotocolmessage.c
- OICFree timing issue in tcp

Change-Id: Ifd1682e485cc415175023b05657e0cd1e33b3cbc
Signed-off-by: jihwan.seo <jihwan.seo@samsung.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/7805
Tested-by: jenkins-iotivity <jenkins-iotivity@opendaylight.org>
Reviewed-by: Jon A. Cruz <jon@joncruz.org>
resource/csdk/connectivity/src/caprotocolmessage.c
resource/csdk/connectivity/src/tcp_adapter/catcpserver.c

index 42b8d67..3214b3d 100644 (file)
@@ -47,7 +47,7 @@
 
 #define CA_BUFSIZE (128)
 #define CA_PDU_MIN_SIZE (4)
-#define CA_PORT_BUFFER_SIZE (4)
+#define CA_ENCODE_BUFFER_SIZE (4)
 
 static const char COAP_URI_HEADER[] = "coap://[::]/";
 
@@ -397,7 +397,7 @@ CAResult_t CAParseURI(const char *uriInfo, coap_list_t **optlist)
 
     if (uri.port != COAP_DEFAULT_PORT)
     {
-        unsigned char portbuf[CA_PORT_BUFFER_SIZE] = { 0 };
+        unsigned char portbuf[CA_ENCODE_BUFFER_SIZE] = { 0 };
         int ret = coap_insert(optlist,
                               CACreateNewOptionNode(COAP_OPTION_URI_PORT,
                                                     coap_encode_var_bytes(portbuf, uri.port),
@@ -536,13 +536,13 @@ CAResult_t CAParseHeadOption(uint32_t code, const CAInfo_t *info, coap_list_t **
     if (CA_FORMAT_UNDEFINED != info->payloadFormat)
     {
         coap_list_t* node = NULL;
-        uint8_t buf[3] = {0};
+        uint8_t buf[CA_ENCODE_BUFFER_SIZE] = {0};
         switch (info->payloadFormat)
         {
             case CA_FORMAT_APPLICATION_CBOR:
                 node = CACreateNewOptionNode(
                         COAP_OPTION_CONTENT_FORMAT,
-                        coap_encode_var_bytes(buf, (uint16_t)COAP_MEDIATYPE_APPLICATION_CBOR),
+                        coap_encode_var_bytes(buf, (unsigned short)COAP_MEDIATYPE_APPLICATION_CBOR),
                         (char *)buf);
                 break;
             default:
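Review bot: The 4 behind `CA_ENCODE_BUFFER_SIZE` is not tied to anything the encoder guarantees, so the overflow fixed here at `uint8_t buf[CA_ENCODE_BUFFER_SIZE]` could return if the encoded value type ever widens. coap_encode_var_bytes is not shown on this page, but it presumably writes at most one byte per byte of its integer argument. If so, a comment on the define such as `/* max bytes coap_encode_var_bytes() writes for an unsigned int */`, or defining it as `(sizeof(unsigned int))`, would record the bound. The same applies to the acceptFormat buffer in the next hunk and to `portbuf` in CAParseURI. The switch and the enclosing function continue outside the hunk.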
@@ -564,13 +564,13 @@ CAResult_t CAParseHeadOption(uint32_t code, const CAInfo_t *info, coap_list_t **
     if (CA_FORMAT_UNDEFINED != info->acceptFormat)
     {
         coap_list_t* node = NULL;
-        uint8_t buf[3] = {0};
+        uint8_t buf[CA_ENCODE_BUFFER_SIZE] = {0};
         switch (info->acceptFormat)
         {
             case CA_FORMAT_APPLICATION_CBOR:
                 node = CACreateNewOptionNode(
                         COAP_OPTION_ACCEPT,
-                        coap_encode_var_bytes(buf, (uint16_t)COAP_MEDIATYPE_APPLICATION_CBOR),
+                        coap_encode_var_bytes(buf, (unsigned short)COAP_MEDIATYPE_APPLICATION_CBOR),
                         (char *)buf);
                 break;
             default:
index 5334502..b486540 100644 (file)
@@ -815,8 +815,6 @@ CAResult_t CADisconnectTCPSession(CATCPSessionInfo_t *svritem, size_t index)
     }
     u_arraylist_remove(caglobals.tcp.svrlist, index);
     OICFree(svritem->recvData);
-    OICFree(svritem);
-    ca_mutex_unlock(g_mutexObjectList);
 
     // pass the connection information to RI for keepalive.
     if (g_keepaliveCallback)
@@ -824,6 +822,9 @@ CAResult_t CADisconnectTCPSession(CATCPSessionInfo_t *svritem, size_t index)
         g_keepaliveCallback(svritem->sep.endpoint.addr, svritem->sep.endpoint.port, false);
     }
 
+    OICFree(svritem);
+    ca_mutex_unlock(g_mutexObjectList);
+
     return CA_STATUS_OK;
 }
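Review bot: `g_keepaliveCallback` is now invoked while g_mutexObjectList is still held, because the unlock moved below the callback together with the free. Only `OICFree(svritem);` has to be deferred to stop the callback reading `svritem->sep.endpoint` from freed memory. If the callback, or anything it calls, takes g_mutexObjectList again, this may deadlock, depending on whether ca_mutex is recursive (not visible here). The item has already been removed from svrlist, so presumably no other thread can reach it through the list; consider leaving `ca_mutex_unlock(g_mutexObjectList);` where it was and moving only the free after the callback. The start of CADisconnectTCPSession, including where the lock is taken, is outside the hunk.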