Crash in OCProcessPresence()

1. Set presence to NULL incase allocation of timeout
array fails. This ensures that OCProcessPresence does
not process this cbNode, thereby preventing possible
NULL dereference of timeout.
2. Do not send request if timeout has reached/exceeded
the  PresenceTimeOutSize. This prevents a possible buffer
overrun in accessing the timeout array.

https://github.sec.samsung.net/RS7-IOTIVITY/IoTivity/pull/279
(cherry picked from commit 22079af2bd0f22a80b98c3b17469c3b8ed601ede)

Change-Id: I27ec81c8ff5f9d887c8308e2042f744e6fabee29
Signed-off-by: Veeraj Khokale <veeraj.sk@samsung.com>
Signed-off-by: Amit KS <amit.s12@samsung.com>

diff --git a/resource/csdk/stack/src/ocstack.c b/resource/csdk/stack/src/ocstack.c
index c34b2f2..60e8e29 100644 (file)
--- a/resource/csdk/stack/src/ocstack.c
+++ b/resource/csdk/stack/src/ocstack.c
@@ -1242,6 +1242,7 @@ OCStackResult HandlePresenceResponse(const CAEndpoint_t *endpoint,
                     OIC_LOG(ERROR, TAG,
                                   "Could not allocate memory for cbNode->presence->timeOut");
                     OICFree(cbNode->presence);
+                    cbNode->presence = NULL;
                     result = OC_STACK_NO_MEMORY;
                     goto exit;
                 }
@@ -3386,6 +3387,7 @@ OCStackResult OCProcessPresence()
             {
                 FindAndDeleteClientCB(cbNode);
             }
+            continue;
         }
 
         if (now < cbNode->presence->timeOut[cbNode->presence->TTLlevel])