[IOT-1833] [IOT-1834] CTT 1.7.8.3 fixes
authorDan Mihai <Daniel.Mihai@microsoft.com>
Mon, 20 Feb 2017 18:28:29 +0000 (10:28 -0800)
committerKevin Kane <kkane@microsoft.com>
Wed, 22 Feb 2017 18:10:19 +0000 (18:10 +0000)
1. Remove bogus memset from ClearRequestContext.

2. Don't try to log already-freed block from CAAddBlockOption1.

3. Fix (read) buffer overrun due to logging non-zero-terminated
   payload as a string, from CAUpdatePayloadData

Change-Id: I0e02f7656471921098ebce1cb5e216c0934d2eb2
Signed-off-by: Dan Mihai <Daniel.Mihai@microsoft.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/17387
Reviewed-by: Nathan Heldt-Sheller <nathan.heldt-sheller@intel.com>
Tested-by: jenkins-iotivity <jenkins@iotivity.org>
Reviewed-by: Mike Fenelon <mike.fenelon@microsoft.com>
Reviewed-by: Jaewook Jung <jw0213.jung@samsung.com>
Reviewed-by: Kevin Kane <kkane@microsoft.com>
resource/csdk/connectivity/src/cablockwisetransfer.c
resource/csdk/security/src/policyengine.c
resource/csdk/security/src/secureresourcemanager.c

index bbb5be4..bf31eaf 100644 (file)
@@ -33,6 +33,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <inttypes.h>
 
 #include "caadapterutils.h"
 #include "cainterface.h"
@@ -1625,6 +1626,7 @@ CAResult_t CAAddBlockOption1(coap_pdu_t **pdu, const CAInfo_t *info, size_t data
         OIC_LOG(ERROR, TAG, "getting has failed");
         return CA_STATUS_FAILED;
     }
+    bool blockRemoved = false;
 
     CAResult_t res = CA_STATUS_OK;
     uint32_t code = (*pdu)->transport_hdr->udp.code;
@@ -1704,17 +1706,25 @@ CAResult_t CAAddBlockOption1(coap_pdu_t **pdu, const CAInfo_t *info, size_t data
                 OIC_LOG(ERROR, TAG, "remove has failed");
                 return res;
             }
+            blockRemoved = true;
         }
     }
 
-    CALogBlockInfo(block1);
+    if (!blockRemoved)
+    {
+        CALogBlockInfo(block1);
+    }
 
     OIC_LOG(DEBUG, TAG, "OUT-AddBlockOption1");
 
     return CA_STATUS_OK;
 
 exit:
-    CARemoveBlockDataFromList(blockID);
+    if (!blockRemoved)
+    {
+        CARemoveBlockDataFromList(blockID);
+    }
+
     return res;
 }
 
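Review bot: After `blockRemoved = true;` the variable `block1` keeps its old value, and the commit message says the block it refers to has already been freed by then, so the two `if (!blockRemoved)` guards protect only the uses that exist today. If `block1` is a pointer into the removed list entry, clearing it at the same spot with `block1 = NULL;` would keep a later edit from silently reading freed memory. A short comment there, such as `// block data (and block1 with it) is gone after this point; do not touch either`, would record why the flag exists. From the visible lines, control falls straight through to the success return once the flag is set, so the guard at `exit:` looks defensive rather than reachable. CAAddBlockOption1 starts outside this hunk, so earlier `goto exit` paths are not visible here.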
@@ -2005,7 +2015,7 @@ CAResult_t CAUpdatePayloadData(CABlockData_t *currData, const CAData_t *received
         // update received payload length
         currData->receivedPayloadLen += blockPayloadLen;
 
-        OIC_LOG_V(DEBUG, TAG, "updated payload: %s, len: %zu", currData->payload,
+        OIC_LOG_V(DEBUG, TAG, "updated payload: @ %p, len: %" PRIuPTR, currData->payload,
                   currData->receivedPayloadLen);
     }
 
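Review bot: The new format string in the `OIC_LOG_V` call pairs `%p` with `currData->payload` and `PRIuPTR` with `currData->receivedPayloadLen`, but neither argument is cast to the type those conversions require (`void *` and `uintptr_t`). The removed line printed the length with `%zu`, so it is presumably a `size_t`, which need not be the same type as `uintptr_t`. Passing `(void *)currData->payload, (uintptr_t)currData->receivedPayloadLen` makes the call well-defined on every target. Separately, the payload's heap address now goes to the debug log; if these logs can leave the device, printing the length alone avoids disclosing memory layout. CAUpdatePayloadData starts and ends outside this hunk.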
index 75bbb87..9f056ca 100644 (file)
@@ -475,8 +475,8 @@ static void ProcessAccessRequest(SRMRequestContext_t *context)
 void CheckPermission(SRMRequestContext_t *context)
 {
     assert(NULL != context);
-    assert(context->requestedPermission != 0);
-    assert((context->requestedPermission & ~PERMISSION_FULL_CONTROL) == 0);
+    assert(0 != context->requestedPermission);
+    assert(0 == (context->requestedPermission & ~PERMISSION_FULL_CONTROL));
 
     // Before doing any ACL processing, check if request is a) coming
     // from DevOwner AND b) the device is in Ready for OTM or Reset state
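Review bot: The checks on `context` and `context->requestedPermission` at the top of CheckPermission are `assert`s only, so a build with `NDEBUG` defined runs none of them before the ACL processing that follows. The hunk does not show whether callers already validate the permission mask. If they do, a comment such as `// Callers guarantee a non-zero mask within PERMISSION_FULL_CONTROL; these asserts are debug-only.` would record that contract. If they do not, the function needs a runtime path that denies the request when the mask is zero or has bits outside `PERMISSION_FULL_CONTROL`. The function body continues outside this hunk, so how a denial is reported is not visible here.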
index fc8bd3d..037a22e 100644 (file)
@@ -217,8 +217,8 @@ void ClearRequestContext(SRMRequestContext_t *context)
         context->subjectIdType = SUBJECT_ID_TYPE_ERROR;
         memset(&context->subjectUuid, 0, sizeof(context->subjectUuid));
 #ifdef MULTIPLE_OWNER
-        memset(&context->payload, 0, context->payloadSize); // TODO Samsung reviewer: please confirm
-        context->payloadSize = 0; // TODO Samsung reviewer: please confirm
+        context->payload = NULL;
+        context->payloadSize = 0;
 #endif //MULTIPLE_OWNER
     }