Crash in OCProcessPresence()

1. Set presence to NULL incase allocation of timeout
array fails. This ensures that OCProcessPresence does
not process this cbNode, thereby preventing possible
NULL dereference of timeout.
2. Do not send request if timeout has reached/exceeded
the  PresenceTimeOutSize. This prevents a possible buffer
overrun in accessing the timeout array.

https://github.sec.samsung.net/RS7-IOTIVITY/IoTivity/pull/279
(cherry picked from commit 22079af2bd0f22a80b98c3b17469c3b8ed601ede)

Change-Id: I9398fa4870a719eb0bbaa00102157e8487af5236
Signed-off-by: Veeraj Khokale <veeraj.sk@samsung.com>
Signed-off-by: Amit KS <amit.s12@samsung.com>

diff --git a/resource/csdk/stack/src/ocstack.c b/resource/csdk/stack/src/ocstack.c
index c34b2f2..60e8e29 100644 (file)
--- a/resource/csdk/stack/src/ocstack.c
+++ b/resource/csdk/stack/src/ocstack.c
@@ -1242,6 +1242,7 @@ OCStackResult HandlePresenceResponse(const CAEndpoint_t *endpoint,
                     OIC_LOG(ERROR, TAG,
                                   "Could not allocate memory for cbNode->presence->timeOut");
                     OICFree(cbNode->presence);
+                    cbNode->presence = NULL;
                     result = OC_STACK_NO_MEMORY;
                     goto exit;
                 }
@@ -3386,6 +3387,7 @@ OCStackResult OCProcessPresence()
             {
                 FindAndDeleteClientCB(cbNode);
             }
+            continue;
         }
 
         if (now < cbNode->presence->timeOut[cbNode->presence->TTLlevel])