From: Sudipto Date: Tue, 29 Oct 2019 07:48:31 +0000 (+0530) Subject: Fix for SVACE Issues X-Git-Tag: submit/tizen/20191031.021857~5 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=7af6d72bb1711d933804e6a4df6ca7e521f2d8dd;p=platform%2Fupstream%2Fiotivity.git Fix for SVACE Issues https://github.sec.samsung.net/RS7-IOTIVITY/IoTivity/pull/580/commits/ba60a95ac03fc844ec9ff22558624982d865f4f0 (cherry-picked from ba60a95ac03fc844ec9ff22558624982d865f4f0) Change-Id: Iddefe17f317f724831aca9f7d943cee0133cbcc8 Signed-off-by: Sudipto --- diff --git a/resource/csdk/connectivity/src/bt_le_adapter/tizen/caleclient_vd.c b/resource/csdk/connectivity/src/bt_le_adapter/tizen/caleclient_vd.c index 68c2455ff..3e58dca10 100644 --- a/resource/csdk/connectivity/src/bt_le_adapter/tizen/caleclient_vd.c +++ b/resource/csdk/connectivity/src/bt_le_adapter/tizen/caleclient_vd.c @@ -421,10 +421,17 @@ static bool CALEIsHaveServiceImpl(bt_adapter_le_device_scan_result_info_s *scanI if (result == BT_ERROR_NONE && NULL != man_data) { - char *compare_man_data = OICCalloc(1, (man_data_len*2)+1); int pos =0; + char *compare_man_data = OICCalloc(1, (man_data_len*2)+1); + if (!compare_man_data) + { + OIC_LOG(ERROR, CALEADAPTER_TAG, "Memory allocation failed for compare_man_data"); + OICFree(man_data); + return false; + } + for(int i=0;ittl = now + (BLOCK_DATA_TIMEOUT_SECONDS * USECS_PER_SEC); diff --git a/resource/csdk/connectivity/src/tcp_adapter/catcpserver.c b/resource/csdk/connectivity/src/tcp_adapter/catcpserver.c index 5b5f92ef9..d4bd440cc 100644 --- a/resource/csdk/connectivity/src/tcp_adapter/catcpserver.c +++ b/resource/csdk/connectivity/src/tcp_adapter/catcpserver.c @@ -961,7 +961,7 @@ static CAResult_t CATCPCreateSocket(int family, CATCPSessionInfo_t *svritem) if(cloud_address && *cloud_address) { char message[4096]; - int len = sprintf(message, + int len = snprintf(message, 4096, "CONNECT %s HTTP/1.1\r\n" "Host: %s\r\n\r\n", cloud_address, cloud_address ); 
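Review bot: The result of the new `snprintf(message, 4096, ...)` is still stored in `len` without a check, and on truncation snprintf returns the length the full string would have had, so a long `cloud_address` gives `len >= 4096`. If `len` is later used as the byte count when `message` is sent (CATCPCreateSocket continues outside the hunk, so this is an assumption), that send would read past the 4096-byte stack buffer. I would pass `sizeof(message)` instead of repeating the literal and reject the oversize case right after the call, e.g. `if (len < 0 || (size_t)len >= sizeof(message)) { /* log and fail the connect */ }`. `cloud_address` is also copied verbatim into the request line and the Host header, so it is worth confirming at its source that it cannot contain CR or LF.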
diff --git a/resource/csdk/stack/src/oicgroup.c b/resource/csdk/stack/src/oicgroup.c
index 61c0eaa13..426558dbf 100644
--- a/resource/csdk/stack/src/oicgroup.c
+++ b/resource/csdk/stack/src/oicgroup.c
@@ -822,7 +822,7 @@ OCStackResult BuildStringFromActionSet(OCActionSet* actionset, char** desc)
 actionTypeStr = (char *)OICMalloc(1024);
 if(actionTypeStr != NULL)
 {
- sprintf(actionTypeStr, "%ld %u", actionset->timesteps, actionset->type);
+ snprintf(actionTypeStr, 1024, "%ld %u", actionset->timesteps, actionset->type);
 if(remaining >= strlen(actionTypeStr) + strlen(ACTION_DELIMITER) + 1)
 {
 strncat(temp, actionTypeStr, strlen(actionTypeStr));
@@ -852,11 +852,11 @@ OCStackResult BuildStringFromActionSet(OCActionSet* actionset, char** desc)
 goto exit;
 }
- strcat(temp, "uri=");
+ strncat(temp, "uri=", 4);
 remaining -= strlen("uri=");
- strcat(temp, action->resourceUri);
+ strncat(temp, action->resourceUri, strlen(action->resourceUri));
 remaining -= strlen(action->resourceUri);
- strcat(temp, "|");
+ strncat(temp, "|", 1);
 remaining--;
 OCCapability *capas = action->head;
@@ -987,6 +987,12 @@ OCStackResult BuildActionJSON(OCAction* action, unsigned char* bufferPtr,
 }
 jsonStr = cJSON_PrintUnformatted(json);
+ if (jsonStr == NULL)
+ {
+ OIC_LOG(ERROR, TAG, "cJSON_PrintUnformatted failed");
+ cJSON_Delete(json);
+ return OC_STACK_ERROR;
+ }
 jsonLen = strlen(jsonStr);
 if (jsonLen < *remaining)
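Review bot: The three `strncat` calls in the second hunk are bounded by the length of the source string (`4`, `strlen(action->resourceUri)`, `1`), not by the space left in `temp`, so they behave exactly like the `strcat` calls they replace and only quiet the analyzer. Nothing in the visible lines compares `remaining` with the bytes about to be appended; the `goto exit` just above may belong to such a check, but if it does not cover `uri=`, the URI and the `|`, a long `resourceUri` can still write past `temp` and, if `remaining` is unsigned, make it wrap. I would guard the append once before the first call, e.g. `if (remaining < strlen("uri=") + strlen(action->resourceUri) + 2) goto exit;`, with the error result set the way the neighbouring checks do it. The same length-of-source bound appears in the context line `strncat(temp, actionTypeStr, strlen(actionTypeStr));` of the previous hunk, where it is at least preceded by a `remaining` check. BuildStringFromActionSet starts and ends outside the hunk.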