Crash in OCProcessPresence()

1. Set presence to NULL incase allocation of timeout
array fails. This ensures that OCProcessPresence does
not process this cbNode, thereby preventing possible
NULL dereference of timeout.
2. Do not send request if timeout has reached/exceeded
the  PresenceTimeOutSize. This prevents a possible buffer
overrun in accessing the timeout array.

https://github.sec.samsung.net/RS7-IOTIVITY/IoTivity/pull/279
(cherry picked from commit 22079af2bd0f22a80b98c3b17469c3b8ed601ede)

Change-Id: I27ec81c8ff5f9d887c8308e2042f744e6fabee29
Signed-off-by: Veeraj Khokale <veeraj.sk@samsung.com>
Signed-off-by: Amit KS <amit.s12@samsung.com>

diff --git a/resource/csdk/stack/src/ocstack.c b/resource/csdk/stack/src/ocstack.c
index c34b2f2f78bb2e4975d265fb57b2ead5f51616c3..60e8e29fb572d921b4797695103385fb7a5e6eb4 100644 (file)
--- a/resource/csdk/stack/src/ocstack.c
+++ b/resource/csdk/stack/src/ocstack.c
@@ -1242,6 +1242,7 @@ OCStackResult HandlePresenceResponse(const CAEndpoint_t *endpoint,
                     OIC_LOG(ERROR, TAG,
                                   "Could not allocate memory for cbNode->presence->timeOut");
                     OICFree(cbNode->presence);
+                    cbNode->presence = NULL;
                     result = OC_STACK_NO_MEMORY;
                     goto exit;
                 }
@@ -3386,6 +3387,7 @@ OCStackResult OCProcessPresence()
             {
                 FindAndDeleteClientCB(cbNode);
             }
+            continue;
         }
 
         if (now < cbNode->presence->timeOut[cbNode->presence->TTLlevel])