SVACE Issues FIx

Change-Id: I35bc6fda843bc6835ca2c56f3b1069136161f6ba

diff --git a/common/uafv1tlvutil/src/GetInfoRespTlvEncoder.cpp b/common/uafv1tlvutil/src/GetInfoRespTlvEncoder.cpp
index 5daac5c..6fd2ec0 100755 (executable)
--- a/common/uafv1tlvutil/src/GetInfoRespTlvEncoder.cpp
+++ b/common/uafv1tlvutil/src/GetInfoRespTlvEncoder.cpp
@@ -457,6 +457,7 @@ AuthInfoTlvEncoder::decode(const unsigned char *rawData)
                if (child == NULL) {
                        SAFE_DELETE(tlv->val);
                        SAFE_DELETE(tlv);
+                       SAFE_DELETE(authInfo->__meta);
                        SAFE_DELETE(authInfo);
 
                        return NULL;
@@ -469,6 +470,7 @@ AuthInfoTlvEncoder::decode(const unsigned char *rawData)
        SAFE_DELETE(tlv);
 
        if (foundMember == false) {
+               SAFE_DELETE(authInfo->__meta);
                free(authInfo);
                return NULL;
        }
@@ -530,6 +532,7 @@ GetInfoRespTlvEncoder::encode(const void *authData)
                                _INFO("GetInfoRespTlvEncoder::encode 11");
 
                                Buffer *metaBuff = __authMetaTlvEncoder.encode(auth->__meta);
+                               RET_IF_FAIL(metaBuff != NULL, NULL);
                                if (metaBuff != NULL) {
                                        _INFO("GetInfoRespTlvEncoder::encode 12");
                                        /*1.4.3 TAG_AUTHENTICATOR_METADATA*/

diff --git a/common/uafv1tlvutil/src/RegAuthAssertionTlvEncoder.cpp b/common/uafv1tlvutil/src/RegAuthAssertionTlvEncoder.cpp
index 90cc8a9..6b5223c 100755 (executable)
--- a/common/uafv1tlvutil/src/RegAuthAssertionTlvEncoder.cpp
+++ b/common/uafv1tlvutil/src/RegAuthAssertionTlvEncoder.cpp
@@ -49,6 +49,7 @@ RegAuthAssertionTlvEncoder::encode(const void *authData)
                regAssertionKrdBuff->data = getRegAssertionKrdTlv->val;
                tlv_builder_add_buffer(builder, TAG_UAFV1_KRD, regAssertionKrdBuff);
                SAFE_DELETE(regAssertionKrdBuff);
+               SAFE_DELETE(regAssertionKrdBuff);
                SAFE_DELETE(getRegAssertionKrdTlv);
        }
 
@@ -163,6 +164,9 @@ RegAuthAssertionTlvEncoder::decode(const unsigned char *rawData)
                if (child == NULL) {
                        SAFE_DELETE(root->val);
                        SAFE_DELETE(root);
+                       SAFE_DELETE(getRegAssertionInfo->krd);
+                       SAFE_DELETE(getRegAssertionInfo->attFull);
+                       SAFE_DELETE(getRegAssertionInfo->attSur);
                        SAFE_DELETE(getRegAssertionInfo);
 
                        return NULL;
@@ -177,6 +181,8 @@ RegAuthAssertionTlvEncoder::decode(const unsigned char *rawData)
        _INFO("");
        if (foundMember == false) {
                _INFO("");
+               SAFE_DELETE(getRegAssertionInfo->attFull);
+               SAFE_DELETE(getRegAssertionInfo->attSur);
                free(getRegAssertionInfo);
                return NULL;
        }

diff --git a/common/uafv1tlvutil/src/RegRespTlvEncoder.cpp b/common/uafv1tlvutil/src/RegRespTlvEncoder.cpp
index 4249c2b..1f19808 100755 (executable)
--- a/common/uafv1tlvutil/src/RegRespTlvEncoder.cpp
+++ b/common/uafv1tlvutil/src/RegRespTlvEncoder.cpp
@@ -58,6 +58,7 @@ RegRespTlvEncoder::encode(const void *authData)
 
        Buffer *buff = tlv_builder_get_buffer(builder);
        SAFE_DELETE(builder);
+       SAFE_DELETE(getRegAssertionBuff);
 
        return buff;
 }
@@ -134,6 +135,7 @@ RegRespTlvEncoder::decode(const unsigned char *rawData)
                if (child == NULL) {
                        SAFE_DELETE(root->val);
                        SAFE_DELETE(root);
+                       SAFE_DELETE(getRegRespInfo->regAssertion);
                        SAFE_DELETE(getRegRespInfo);
 
                        return NULL;
@@ -148,6 +150,7 @@ RegRespTlvEncoder::decode(const unsigned char *rawData)
        _INFO("");
        if (foundMember == false) {
                _INFO("");
+               SAFE_DELETE(getRegRespInfo->regAssertion);
                free(getRegRespInfo);
                return NULL;
        }

diff --git a/common/uafv1tlvutil/src/SignAuthAssertionTlvEncoder.cpp b/common/uafv1tlvutil/src/SignAuthAssertionTlvEncoder.cpp
index 804e336..2a592a3 100755 (executable)
--- a/common/uafv1tlvutil/src/SignAuthAssertionTlvEncoder.cpp
+++ b/common/uafv1tlvutil/src/SignAuthAssertionTlvEncoder.cpp
@@ -126,6 +126,7 @@ SignAuthAssertionTlvEncoder::decode(const unsigned char *rawData)
                if (child == NULL) {
                        SAFE_DELETE(root->val);
                        SAFE_DELETE(root);
+                       SAFE_DELETE(getAuthAssInfo->sigData);
                        SAFE_DELETE(getAuthAssInfo);
 
                        return NULL;
@@ -138,6 +139,7 @@ SignAuthAssertionTlvEncoder::decode(const unsigned char *rawData)
        SAFE_DELETE(root);
 
        if (foundMember == false) {
+               SAFE_DELETE(getAuthAssInfo->sigData);
                free(getAuthAssInfo);
                return NULL;
        }

diff --git a/common/uafv1tlvutil/src/SignRespTlvEncoder.cpp b/common/uafv1tlvutil/src/SignRespTlvEncoder.cpp
index b5a1238..bcf963c 100755 (executable)
--- a/common/uafv1tlvutil/src/SignRespTlvEncoder.cpp
+++ b/common/uafv1tlvutil/src/SignRespTlvEncoder.cpp
@@ -236,6 +236,7 @@ SignRespTlvEncoder::decode(const unsigned char *rawData)
                if (child == NULL) {
                        SAFE_DELETE(root->val);
                        SAFE_DELETE(root);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion);
                        SAFE_DELETE(getAuthRespInfo);
 
                        return NULL;
@@ -248,6 +249,7 @@ SignRespTlvEncoder::decode(const unsigned char *rawData)
        SAFE_DELETE(root);
 
        if (foundMember == false) {
+               SAFE_DELETE(getAuthRespInfo->authAssertion);
                free(getAuthRespInfo);
                return NULL;
        }

diff --git a/common/uafv1tlvutil/src/SignedDataTlvEncoder.cpp b/common/uafv1tlvutil/src/SignedDataTlvEncoder.cpp
index 91809cc..c1c6fb2 100755 (executable)
--- a/common/uafv1tlvutil/src/SignedDataTlvEncoder.cpp
+++ b/common/uafv1tlvutil/src/SignedDataTlvEncoder.cpp
@@ -154,6 +154,8 @@ SignedDataTlvEncoder::decode(const unsigned char *rawData)
                if (child == NULL) {
                        SAFE_DELETE(root->val);
                        SAFE_DELETE(root);
+
+                       SAFE_DELETE(getSigDataInfo->assrtInfo);
                        SAFE_DELETE(getSigDataInfo);
 
                        return NULL;
@@ -166,6 +168,8 @@ SignedDataTlvEncoder::decode(const unsigned char *rawData)
        SAFE_DELETE(root);
 
        if (foundMember == false) {
+
+               SAFE_DELETE(getSigDataInfo->assrtInfo);
                free(getSigDataInfo);
                return NULL;
        }

diff --git a/common/uafv1tlvutil/src/Tlv.cpp b/common/uafv1tlvutil/src/Tlv.cpp
index 46a6a67..241c1cc 100755 (executable)
--- a/common/uafv1tlvutil/src/Tlv.cpp
+++ b/common/uafv1tlvutil/src/Tlv.cpp
@@ -207,7 +207,8 @@ tlv_builder_add_buffer(tlv_builder_s *builder, int tag, Buffer *val)
 {
        if (builder->stack == NULL)
                return NULL;
-
+       RET_IF_FAIL(val != NULL, NULL);
+       RET_IF_FAIL(builder != NULL, NULL);
        tlv_s *node = ALLOC(tlv_s);
        node->tag = tag;
        node->len = val->len;

diff --git a/common/uafv1tlvutil/src/Uafv1KrdTlvEncoder.cpp b/common/uafv1tlvutil/src/Uafv1KrdTlvEncoder.cpp
index 0bee770..9e62c65 100755 (executable)
--- a/common/uafv1tlvutil/src/Uafv1KrdTlvEncoder.cpp
+++ b/common/uafv1tlvutil/src/Uafv1KrdTlvEncoder.cpp
@@ -153,6 +153,8 @@ Uafv1KrdTlvEncoder::decode(const unsigned char *rawData)
                if (child == NULL) {
                        SAFE_DELETE(root->val);
                        SAFE_DELETE(root);
+                       SAFE_DELETE(getKrdInfo->counter);
+                       SAFE_DELETE(getKrdInfo->assrtInfo);
                        SAFE_DELETE(getKrdInfo);
 
                        return NULL;
@@ -165,6 +167,8 @@ Uafv1KrdTlvEncoder::decode(const unsigned char *rawData)
        SAFE_DELETE(root);
 
        if (foundMember == false) {
+               SAFE_DELETE(getKrdInfo->counter);
+               SAFE_DELETE(getKrdInfo->assrtInfo);
                free(getKrdInfo);
                return NULL;
        }

diff --git a/server/auth_discovery/src/BoundADProvider.cpp b/server/auth_discovery/src/BoundADProvider.cpp
index e662bc7..d7bed06 100755 (executable)
--- a/server/auth_discovery/src/BoundADProvider.cpp
+++ b/server/auth_discovery/src/BoundADProvider.cpp
@@ -278,7 +278,7 @@ BoundADProvider::loadPlugins(const std::string& dirName)
 
                                auth_plugin_handle_s *auth_plugin = (auth_plugin_handle_s*)
                                                calloc(1, sizeof(auth_plugin_handle_s));
-
+                               RET_IF_FAIL(auth_plugin != NULL, -1);
                                auth_plugin->conn = createConnectionHandle(mod);
                                auth_plugin->assrt = createAssertionHandle(mod);
                                auth_plugin->hash = createHashHandle(mod);

diff --git a/server/src/AsmStorage.cpp b/server/src/AsmStorage.cpp
index a64efb9..41aa1ee 100755 (executable)
--- a/server/src/AsmStorage.cpp
+++ b/server/src/AsmStorage.cpp
@@ -773,8 +773,8 @@ AsmStorage::searchData(IStorageParcel *parcel)
        const std::string& dbName = parcel->getDBName();
        sqlite3* dbHandle = openDBHandle(dbName);
        RET_IF_FAIL(dbHandle != NULL, NULL);
-
-
+       char *sql = NULL;
+       int ret = 0;
        std::vector<IStorageParcel*> *resultList = new std::vector<IStorageParcel*>();
 
        char *errMsg = NULL;
@@ -996,14 +996,17 @@ AsmStorage::searchData(IStorageParcel *parcel)
        cbData.resList = resultList;
 
        _INFO("AsmStorage::searchData:: query = [%s]", query);
-       sqlite3_mprintf(execquery, query);
-       int ret = sqlite3_exec(dbHandle, execquery, searchItemCb, &cbData, &errMsg);
+       sql = sqlite3_mprintf(execquery, query);
+       CATCH_IF_FAIL(sql == NULL);
+
+
+       ret = sqlite3_exec(dbHandle, execquery, searchItemCb, &cbData, &errMsg);
        _INFO("AsmStorage::searchData:: ERROR MSG : [%s]", errMsg);
        CATCH_IF_FAIL(ret == SQLITE_OK);
 
        _INFO("Records found = [%zd]", resultList->size());
        closeDBHandle(dbHandle);
-
+       sqlite3_free(sql);
        SAFE_DELETE(cbData.dbName);
 
        return resultList;
@@ -1012,7 +1015,7 @@ CATCH :
        _ERR("No Records found");
        sqlite3_free(errMsg);
        closeDBHandle(dbHandle);
-
+       sqlite3_free(sql);
        SAFE_DELETE(cbData.dbName);
 
        return NULL;
@@ -1025,6 +1028,7 @@ AsmStorage::deleteData(IStorageParcel *parcel)
        char *errMsg = NULL;
        char q[BUFFLEN] = {0};
        char *value = NULL;
+       char *sql = NULL;
        char execquery[BUFFLEN] = {0};
        char query[BUFFLEN] = {0};
        RET_IF_FAIL(parcel != NULL, SQLITE_ERROR);
@@ -1116,7 +1120,8 @@ AsmStorage::deleteData(IStorageParcel *parcel)
                _ERR("AUTHLIST does not allow deletion of entries");
                goto CATCH;
        }
-       sqlite3_mprintf(execquery, query);
+       sql = sqlite3_mprintf(execquery, query);
+       CATCH_IF_FAIL(sql == NULL);
        ret = sqlite3_exec(dbHandle, execquery, NULL, 0, &errMsg);
        _INFO("AsmStorage::deleteData:: ERROR MSG : [%s]", errMsg);
        CATCH_IF_FAIL(ret == SQLITE_OK);
@@ -1125,12 +1130,14 @@ AsmStorage::deleteData(IStorageParcel *parcel)
        numRecChanged = sqlite3_changes(dbHandle);
        _INFO("Number of rows deleted=[%d]", numRecChanged);
        closeDBHandle(dbHandle);
+       sqlite3_free(sql);
        return SQLITE_OK;
 
 CATCH:
        _ERR("Record not deleted/ Record does not exists");
        sqlite3_free(errMsg);
        closeDBHandle(dbHandle);
+       sqlite3_free(sql);
        return SQLITE_ERROR;
 }
 

diff --git a/server/src/ClientListener.cpp b/server/src/ClientListener.cpp
index 110837c..41eb25b 100755 (executable)
--- a/server/src/ClientListener.cpp
+++ b/server/src/ClientListener.cpp
@@ -249,12 +249,14 @@ ClientListner::onAgentRequest(Fidoasm *object, GDBusMethodInvocation *invocation
        std::string callerId = FIDO_BT_RAGENT_SVC_PATH;
 
        _INFO("Roaming Agent request");
+       /*TODO: Define a macro in spec file to let the platform/profile SCM decide*/
+       /*
        if (RoamingUtil::isRASupported() == false) {
                _ERR("RA feature not supported");
 
                fidoasm_complete_ra_request(__dbusObj, invocation, -1, ASM_RESP_ACCESS_DENIED);
                return true;
-       }
+       }*/
 
        req = RoamingUtil::createAuthReq(tlvReqB64);
        if (req == NULL) {

diff --git a/silent_auth/silent_auth_entry.cpp b/silent_auth/silent_auth_entry.cpp
index 1944e9e..6661e92 100755 (executable)
--- a/silent_auth/silent_auth_entry.cpp
+++ b/silent_auth/silent_auth_entry.cpp
@@ -430,11 +430,14 @@ processAuthenticate(unsigned char *assert_req)
                                        _INFO("Key Handle Parameters : [%s][%s][%s]", user_name, pri_key, khA);
 
                                        UserNameKeyHandle *ukhInfoNew = ALLOC(UserNameKeyHandle);
+                                       RET_IF_FAIL(ukhInfoNew != NULL, NULL);
                                        ukhInfoNew->userName = user_name;
                                        user_name = NULL;
 
                                        ukhInfoNew->kh = ALLOC(Buffer);
+                                       RET_IF_FAIL(ukhInfoNew->kh != NULL, NULL);
                                        ukhInfoNew->kh->data = NALLOC(BIG_STRING_SIZE, uint8_t);
+                                       RET_IF_FAIL(ukhInfoNew->kh->data != NULL, NULL);
                                        ukhInfoNew->kh->len = strlen((char*)khStr);
                                        memcpy(ukhInfoNew->kh->data, khStr, strlen((char*)khStr));