projects / platform / core / account / fido-asm.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2f81069)
Svace issues fix 26/200626/6
authorsrinivasa.m <srinivasa.m@samsung.com>
Wed, 27 Feb 2019 10:26:12 +0000 (15:56 +0530)
committersrinivasa.m <srinivasa.m@samsung.com>
Wed, 27 Feb 2019 13:09:06 +0000 (18:39 +0530)
Change-Id: I34351705c56df7e4c4279f3fee8ab8ccf0c5bc38

silent_auth/silent_auth_entry.cpp patch | blob | history

diff --git a/silent_auth/silent_auth_entry.cpp b/silent_auth/silent_auth_entry.cpp
index a3a6d5d..41bb1d3 100755 (executable)
--- a/silent_auth/silent_auth_entry.cpp
+++ b/silent_auth/silent_auth_entry.cpp
@@ -430,14 +430,30 @@ processAuthenticate(unsigned char *assert_req)
                                        _INFO("Key Handle Parameters : [%s][%s][%s]", user_name, pri_key, khA);
 
                                        UserNameKeyHandle *ukhInfoNew = ALLOC(UserNameKeyHandle);
-                                       RET_IF_FAIL(ukhInfoNew != NULL, NULL);
+                                       if(ukhInfoNew == NULL)
+                                       {
+                                               SAFE_DELETE(getAuthRespInfo);
+                                               return NULL;
+                                       }
+
                                        ukhInfoNew->userName = user_name;
                                        user_name = NULL;
 
                                        ukhInfoNew->kh = ALLOC(Buffer);
-                                       RET_IF_FAIL(ukhInfoNew->kh != NULL, NULL);
+                                       if(ukhInfoNew->kh == NULL)
+                                       {
+                                               SAFE_DELETE(ukhInfoNew);
+                                               SAFE_DELETE(getAuthRespInfo);
+                                               return NULL;
+                                       }
                                        ukhInfoNew->kh->data = NALLOC(BIG_STRING_SIZE, uint8_t);
-                                       RET_IF_FAIL(ukhInfoNew->kh->data != NULL, NULL);
+                                       if(ukhInfoNew->kh->data == NULL)
+                                       {
+                                               SAFE_DELETE(ukhInfoNew->kh);
+                                               SAFE_DELETE(ukhInfoNew);
+                                               SAFE_DELETE(getAuthRespInfo);
+                                               return NULL;
+                                       }
                                        ukhInfoNew->kh->len = strlen((char*)khStr);
                                        memcpy(ukhInfoNew->kh->data, khStr, strlen((char*)khStr));
 
@@ -529,6 +545,12 @@ processAuthenticate(unsigned char *assert_req)
                        int ret = AsmCrypto::genHash256(getAuthReqInfo->tc, strlen(getAuthReqInfo->tc), tcHash);
                        if (ret == false) {
                                _ERR("processAuthenticate:: Failed to create Transaction content hash.");
+                               SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->tcHash);
+                               SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->authNonce->data);
+                               SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->authNonce);
+                               SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->assrtInfo);
+                               SAFE_DELETE(getAuthRespInfo->authAssertion->sigData);
+                               SAFE_DELETE(getAuthRespInfo->authAssertion);
                                SAFE_DELETE(getAuthRespInfo);
                                SAFE_DELETE(keyId_b64_enc);
                                return NULL;
@@ -569,6 +591,16 @@ processAuthenticate(unsigned char *assert_req)
                                                                                        &outputSz)) {
                        _ERR("Failed to decode base64.");
                        free(output);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->assrtInfo);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->authNonce->data);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->authNonce);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->tcHash->data);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->tcHash);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->keyId->data);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->keyId);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->counter);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion);
                        SAFE_DELETE(getAuthRespInfo);
                        return NULL;
                }
@@ -587,6 +619,16 @@ processAuthenticate(unsigned char *assert_req)
 
                if (dec_len <= 0) {
                        _ERR("AESDecryptof keyhandle failed");
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->assrtInfo);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->authNonce->data);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->authNonce);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->tcHash->data);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->tcHash);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->keyId->data);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->keyId);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->counter);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion);
                        SAFE_DELETE(getAuthRespInfo);
                        return NULL;
                }
@@ -608,6 +650,16 @@ processAuthenticate(unsigned char *assert_req)
                        SAFE_DELETE(pri_key);
                        SAFE_DELETE(khA);
                        SAFE_DELETE(user_name);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->assrtInfo);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->authNonce->data);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->authNonce);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->tcHash->data);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->tcHash);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->keyId->data);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->keyId);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->counter);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion);
                        SAFE_DELETE(getAuthRespInfo);
                        return NULL;
                }
@@ -622,6 +674,16 @@ processAuthenticate(unsigned char *assert_req)
                        _INFO("setEncoder EID_UAFV1_SIGN_DATA_RESP PASS");
                } else {
                        _INFO("setEncoder EID_UAFV1_SIGN_DATA_RESP FAIL");
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->assrtInfo);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->authNonce->data);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->authNonce);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->tcHash->data);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->tcHash);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->keyId->data);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->keyId);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->counter);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion);
                        SAFE_DELETE(getAuthRespInfo);
                        SAFE_DELETE(pri_key);
                        SAFE_DELETE(khA);
@@ -634,6 +696,16 @@ processAuthenticate(unsigned char *assert_req)
                        _INFO("encode EID_UAFV1_SIGN_DATA_RESP PASS");
                } else {
                        _INFO("encode EID_UAFV1_SIGN_DATA_RESP FAIL");
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->assrtInfo);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->authNonce->data);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->authNonce);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->tcHash->data);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->tcHash);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->keyId->data);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->keyId);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->counter);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion);
                        SAFE_DELETE(getAuthRespInfo);
                        SAFE_DELETE(pri_key);
                        SAFE_DELETE(khA);
@@ -652,6 +724,16 @@ processAuthenticate(unsigned char *assert_req)
 
                if (sig_str == NULL) {
                        _ERR("SignRSA failed for signature");
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->assrtInfo);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->authNonce->data);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->authNonce);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->tcHash->data);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->tcHash);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->keyId->data);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->keyId);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->counter);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData);
+                       SAFE_DELETE(getAuthRespInfo->authAssertion);
                        SAFE_DELETE(getAuthRespInfo);
                        SAFE_DELETE(pri_key);
                        SAFE_DELETE(khA);
@@ -673,6 +755,17 @@ processAuthenticate(unsigned char *assert_req)
 
        if (response_parsed == false) {
                _ERR("processAuthenticate:: Failed to Get Sign Response");
+               SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->assrtInfo);
+               SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->authNonce->data);
+               SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->authNonce);
+               SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->tcHash->data);
+               SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->tcHash);
+               SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->keyId->data);
+               SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->keyId);
+               SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->counter);
+               SAFE_DELETE(getAuthRespInfo->authAssertion->sig->data);
+               SAFE_DELETE(getAuthRespInfo->authAssertion->sig);
+               SAFE_DELETE(getAuthRespInfo->authAssertion);
                SAFE_DELETE(getAuthRespInfo);
                return NULL;
        }
@@ -694,15 +787,38 @@ processAuthenticate(unsigned char *assert_req)
                _INFO("setEncoder EID_UAFV1_SIGN_RESP PASS \n");
        } else {
                _INFO("setEncoder EID_UAFV1_SIGN_RESP FAIL \n");
+               SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->assrtInfo);
+               SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->authNonce->data);
+               SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->authNonce);
+               SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->tcHash->data);
+               SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->tcHash);
+               SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->keyId->data);
+               SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->keyId);
+               SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->counter);
+               SAFE_DELETE(getAuthRespInfo->authAssertion->sig->data);
+               SAFE_DELETE(getAuthRespInfo->authAssertion->sig);
+               SAFE_DELETE(getAuthRespInfo->authAssertion);
                SAFE_DELETE(getAuthRespInfo);
                return NULL;
        }
        Buffer *getAuthRespInfoBuff = NULL;
        getAuthRespInfoBuff = encodableAuthResp.encode();
-       SAFE_DELETE(getAuthRespInfo);
+
        if (getAuthRespInfoBuff != NULL) {
                _INFO("encode EID_UAFV1_SIGN_RESP PASS \n");
        } else {
+               SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->assrtInfo);
+               SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->authNonce->data);
+               SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->authNonce);
+               SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->tcHash->data);
+               SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->tcHash);
+               SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->keyId->data);
+               SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->keyId);
+               SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->counter);
+               SAFE_DELETE(getAuthRespInfo->authAssertion->sig->data);
+               SAFE_DELETE(getAuthRespInfo->authAssertion->sig);
+               SAFE_DELETE(getAuthRespInfo->authAssertion);
+               SAFE_DELETE(getAuthRespInfo);
                _INFO("encode EID_UAFV1_SIGN_RESP FAIL \n");
                return NULL;
        }
@@ -710,6 +826,18 @@ processAuthenticate(unsigned char *assert_req)
        _INFO("===========================AUTHENTICATE REPONSE ENCODE=============================");
 
        _INFO("========ProcessAuthenticate end PIN Auth=========");
+       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->assrtInfo);
+       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->authNonce->data);
+       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->authNonce);
+       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->tcHash->data);
+       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->tcHash);
+       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->keyId->data);
+       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->keyId);
+       SAFE_DELETE(getAuthRespInfo->authAssertion->sigData->counter);
+       SAFE_DELETE(getAuthRespInfo->authAssertion->sig->data);
+       SAFE_DELETE(getAuthRespInfo->authAssertion->sig);
+       SAFE_DELETE(getAuthRespInfo->authAssertion);
+       SAFE_DELETE(getAuthRespInfo);
        return getAuthRespInfoBuff;
 }
 
Domain: Service Framework / Account; Licenses: Apache-2.0;