Fixed SVACE issues

Change-Id: If4abce79a97fcfda2d99af4c0a6377965e83a5a1
Signed-off-by: Manasij Sur Roy <manasij.r@samsung.com>

diff --git a/common/fido_json_handler.c b/common/fido_json_handler.c
index 3f108cf..40e4bb8 100644 (file)
--- a/common/fido_json_handler.c
+++ b/common/fido_json_handler.c
@@ -1867,8 +1867,10 @@ _uaf_composer_compose_final_challenge(const char *app_id, const char *challenge,
     SAFE_DELETE(json_str);
     g_object_unref(generator);
 
-    if (r != 0)
-        return NULL;
+       if (r != 0) {
+               SAFE_DELETE(fc_enc);
+               return NULL;
+       }
 
     _INFO("_fido_b64url_encoded string=%s", fc_enc);
 

diff --git a/server/fido_asm_plugin_manager.c b/server/fido_asm_plugin_manager.c
index 0454ae8..2e02620 100644 (file)
--- a/server/fido_asm_plugin_manager.c
+++ b/server/fido_asm_plugin_manager.c
@@ -120,7 +120,8 @@ __load_plugins(char **plugin_path)
     asm_proxy_table = g_hash_table_new_full(g_str_hash, g_str_equal, free, _free_fido_asm_proxy);
 
     DIR *dir;
-    struct dirent *entry;
+       struct dirent entry;
+       struct dirent *result;
     bool is_64 = true;
 
     dir = opendir(_ASM_CONF_DIR_PATH_64);
@@ -129,7 +130,7 @@ __load_plugins(char **plugin_path)
                dir = opendir(_ASM_CONF_DIR_PATH);
                if (dir == NULL) {
 
-                       _ERR("Could not open [%s] and [%s] path = [%s]", _ASM_CONF_DIR_PATH_64, _ASM_CONF_DIR_PATH, strerror(errno));
+                       _ERR("Could not open [%s] and [%s] path", _ASM_CONF_DIR_PATH_64, _ASM_CONF_DIR_PATH);
                        return FIDO_ERROR_PERMISSION_DENIED;
                }
                is_64 = false;
@@ -145,9 +146,10 @@ __load_plugins(char **plugin_path)
 
     _INFO("Loading ASM conf files from [%s]", *plugin_path);
 
-    while ((entry = readdir(dir)) != NULL) {
-        if (entry->d_type == DT_REG) {
-            char *conf_file_name = entry->d_name;
+       while ((readdir_r(dir, &entry, &result) == 0)
+                  && (result != NULL)) {
+               if (entry.d_type == DT_REG) {
+                       char *conf_file_name = entry.d_name;
             if (conf_file_name != NULL) {
                 char conf_file_name_full[128] = {0, };
                 /*TODO make safe size*/

diff --git a/server/fido_uaf_policy_checker.c b/server/fido_uaf_policy_checker.c
index 2d8b4c7..535436e 100644 (file)
--- a/server/fido_uaf_policy_checker.c
+++ b/server/fido_uaf_policy_checker.c
@@ -73,8 +73,9 @@ _policy_checker_is_matched(_match_criteria_t *match_criteria, fido_authenticator
     GList *vendor_list = match_criteria->vendor_list;
 
     if (vendor_list && auth_info->aaid) {
+               char *save_ptr = NULL;
         char *auth_aaid = strdup(auth_info->aaid);
-        char *auth_vendor = strtok(auth_aaid, "#");
+               char *auth_vendor = strtok_r(auth_aaid, "#", &save_ptr);
 
         if (vendor_list &&
                 (g_list_length(vendor_list)) &&

diff --git a/test/shell_tc/fido_shell_tc.c b/test/shell_tc/fido_shell_tc.c
index b0216d0..72088dd 100644 (file)
--- a/test/shell_tc/fido_shell_tc.c
+++ b/test/shell_tc/fido_shell_tc.c
@@ -75,54 +75,57 @@ __process_cb(fido_error_e tizen_error_code, const char *uaf_response, void *user
        get_user_choice();
 }
 
+#define STRING_SIZE_1024 1024
+#define STRING_SIZE_5000 5000
+
 void fido_attestation_type_cb_list(fido_auth_attestation_type_e att_type, void *user_data)
 {
        char *str = (char *) user_data;
 
-       char tmp[1024] = {0,};
+       char tmp[STRING_SIZE_1024] = {0,};
        if(att_type != -1) {
-               sprintf(tmp, " | Attestation Type = [%d]", att_type);
-               strcat(str, tmp);
+               snprintf(tmp, STRING_SIZE_1024 - 1, " | Attestation Type = [%d]", att_type);
+               strncat(str, tmp, STRING_SIZE_1024 - 1);
        }
 }
 
 static char *
 __get_authinfo_string(const fido_authenticator_h auth)
 {
-       char str[5000] = {0,};
+       char str[STRING_SIZE_5000] = {0,};
        str[0] = '\0';
        strcpy(str, "DISCOVER RESPONSE");
-       char tmp[1024] = {0,};
+       char tmp[STRING_SIZE_1024] = {0,};
 
        char *title =  NULL;
        fido_authenticator_get_title(auth, &title);
        if(title) {
-               sprintf(tmp, " | Title = [%s]", title);
-               strcat(str, tmp);
+               snprintf(tmp, STRING_SIZE_1024 - 1, " | Title = [%s]", title);
+               strncat(str, tmp, STRING_SIZE_1024 - 1);
        }
        free(title);
 
        char *aaid = NULL;
        fido_authenticator_get_aaid(auth, &aaid);
        if(aaid) {
-               sprintf(tmp, " | AAID = [%s]", aaid);
-               strcat(str, tmp);
+               snprintf(tmp, STRING_SIZE_1024 - 1, " | AAID = [%s]", aaid);
+               strncat(str, tmp, STRING_SIZE_1024 - 1);
        }
        free(aaid);
 
        char *description = NULL;
        fido_authenticator_get_description(auth, &description);
        if(description) {
-               sprintf(tmp, " | Description = [%s]", description);
-               strcat(str, tmp);
+               snprintf(tmp, STRING_SIZE_1024 - 1, " | Description = [%s]", description);
+               strncat(str, tmp, STRING_SIZE_1024 - 1);
        }
        free(description);
 
        char *scheme = NULL;
        fido_authenticator_get_assertion_scheme(auth, &scheme);
        if(scheme) {
-               sprintf(tmp, " | Scheme = [%s]", scheme);
-               strcat(str, tmp);
+               snprintf(tmp, STRING_SIZE_1024 - 1, " | Scheme = [%s]", scheme);
+               strncat(str, tmp, STRING_SIZE_1024 - 1);
        }
        free(scheme);
 
@@ -131,58 +134,58 @@ __get_authinfo_string(const fido_authenticator_h auth)
        fido_auth_algo_e get_algo = -1;
        fido_authenticator_get_algorithm(auth, &get_algo);
        if(get_algo != -1) {
-               sprintf(tmp, " | Algo = [%d]", get_algo);
-               strcat(str, tmp);
+               snprintf(tmp, STRING_SIZE_1024 - 1, " | Algo = [%d]", get_algo);
+               strncat(str, tmp, STRING_SIZE_1024 - 1);
        }
 
        fido_auth_user_verify_type_e user_ver = -1;
        fido_authenticator_get_verification_method(auth, &user_ver);
        if(user_ver != -1) {
-               sprintf(tmp, " | Verification = [%d]", user_ver);
-               strcat(str, tmp);
+               snprintf(tmp, STRING_SIZE_1024 - 1, " | Verification = [%d]", user_ver);
+               strncat(str, tmp, STRING_SIZE_1024 - 1);
        }
 
        fido_auth_key_protection_type_e key_protection = -1;
        fido_authenticator_get_key_protection_method(auth, &key_protection);
        if(key_protection != -1) {
-               sprintf(tmp, " | Key Protection = [%d]", key_protection);
-               strcat(str, tmp);
+               snprintf(tmp, STRING_SIZE_1024 - 1, " | Key Protection = [%d]", key_protection);
+               strncat(str, tmp, STRING_SIZE_1024 - 1);
        }
 
        fido_auth_matcher_protection_type_e matcher_protection = -1;
        fido_authenticator_get_matcher_protection_method(auth, &matcher_protection);
        if(matcher_protection != -1) {
-               sprintf(tmp, " | Matcher Protection = [%d]", matcher_protection);
-               strcat(str, tmp);
+               snprintf(tmp, STRING_SIZE_1024 - 1, " | Matcher Protection = [%d]", matcher_protection);
+               strncat(str, tmp, STRING_SIZE_1024 - 1);
        }
 
        fido_auth_attachment_hint_e attachment_hint = -1;
        fido_authenticator_get_attachment_hint(auth, &attachment_hint);
        if(attachment_hint != -1) {
-               sprintf(tmp, " | Attachment Hint = [%d]", attachment_hint);
-               strcat(str, tmp);
+               snprintf(tmp, STRING_SIZE_1024 - 1, " | Attachment Hint = [%d]", attachment_hint);
+               strncat(str, tmp, STRING_SIZE_1024 - 1);
        }
 
        fido_auth_tc_display_type_e tc_discplay = -1;
        fido_authenticator_get_tc_discplay(auth, &tc_discplay);
        if(tc_discplay != -1) {
-               sprintf(tmp, " | Tc Display = [%d]", tc_discplay);
-               strcat(str, tmp);
+               snprintf(tmp, STRING_SIZE_1024 - 1, " | Tc Display = [%d]", tc_discplay);
+               strncat(str, tmp, STRING_SIZE_1024 - 1);
        }
 
        char *tc_display_type = NULL;
        fido_authenticator_get_tc_display_type(auth, &tc_display_type);
        if(tc_display_type) {
-               sprintf(tmp, " | Tc Display Type = [%s]", tc_display_type);
-               strcat(str, tmp);
+               snprintf(tmp, STRING_SIZE_1024 - 1, " | Tc Display Type = [%s]", tc_display_type);
+               strncat(str, tmp, STRING_SIZE_1024 - 1);
        }
        free(tc_display_type);
 
        char *icon = NULL;
        fido_authenticator_get_icon(auth, &icon);
        if(icon) {
-               sprintf(tmp, " | Icon = [%s]", icon);
-               strcat(str, tmp);
+               snprintf(tmp, STRING_SIZE_1024 - 1, " | Icon = [%s]", icon);
+               strncat(str, tmp, STRING_SIZE_1024 - 1);
        }
        free(icon);
 
@@ -332,11 +335,15 @@ _process_cb_for_notify_neg(fido_error_e tizen_error_code, const char *uaf_respon
        if (tizen_error_code == 0) {
 
                int ret = fido_uaf_set_server_result(0, uaf_response);
-
-               char *str = __get_error_code(ret);
-               printf("%s\n", str);
-               fflush(stdout);
-               free(str);
+               if (ret == FIDO_ERROR_NONE) {
+                       printf("SUCCESS\n");
+               }
+               else {
+                       char *str = __get_error_code(ret);
+                       printf("Error Code = %s\n", str);
+                       free(str);
+               }
+               fflush(stdout);         
        }
        else {
                __show_error(tizen_error_code);