From 42da344a31b03a6c0d67d24fdf0d4ccecc672cc8 Mon Sep 17 00:00:00 2001
From: "srinivasa.m" <srinivasa.m@samsung.com>
Date: Mon, 18 Feb 2019 12:26:51 +0530
Subject: [PATCH] SVACE issues Fix

Change-Id: I61a0d086b05ba2c12b0946d2512c89849d7ecab4
---
 common/fido_json_handler.c       | 14 ++++++++++----
 server/fido_server.c             | 11 +++++++++--
 server/fido_uaf_policy_checker.c |  7 +++++--
 3 files changed, 24 insertions(+), 8 deletions(-)

diff --git a/common/fido_json_handler.c b/common/fido_json_handler.c
index 31b4aff..af212f7 100755
--- a/common/fido_json_handler.c
+++ b/common/fido_json_handler.c
@@ -771,6 +771,9 @@ _uaf_parser_parse_asm_response_discover_client(char **asm_response_list, int len
 	RET_IF_FAIL(asm_response_list != NULL, NULL);
 
 	GList *available_authenticators = NULL;
+	fido_authenticator_s *auth_info = NULL;
+	char *auth_idx_str = NULL;
+	fido_version_s *version = NULL;
 
 	int i = 0;
 	for (; i < len; i++) {
@@ -880,11 +883,11 @@ _uaf_parser_parse_asm_response_discover_client(char **asm_response_list, int len
 		for (auth_arr_index = 0; auth_arr_index < auth_arr_len; auth_arr_index++) {
 			JsonObject *auth_obj = json_array_get_object_element(auth_arr, auth_arr_index);
 			if (auth_obj != NULL) {
-				fido_authenticator_s *auth_info = (fido_authenticator_s *)calloc(1, sizeof(fido_authenticator_s));
-
+				auth_info = (fido_authenticator_s *)calloc(1, sizeof(fido_authenticator_s));
+				CATCH_IF_FAIL(auth_info != NULL);
 
 				int auth_index = json_object_get_int_member(auth_obj, _JSON_KEY_AUTH_INDEX);
-				char *auth_idx_str = (char*)calloc(1, 128);
+				auth_idx_str = (char*)calloc(1, 128);
 				CATCH_IF_FAIL(auth_idx_str != NULL);
 				snprintf(auth_idx_str, 127, "%d", auth_index);
 
@@ -981,7 +984,7 @@ _uaf_parser_parse_asm_response_discover_client(char **asm_response_list, int len
 					auth_info->icon = strdup(icon);
 
 				/* Supported UAF versions is fixed to 1.0*/
-				 fido_version_s *version = calloc(1, sizeof(fido_version_s));
+				 version = calloc(1, sizeof(fido_version_s));
 				 CATCH_IF_FAIL(version != NULL);
 				 version->major = _VERSION_MAJOR;
 				 version->minor = _VERSION_MINOR;
@@ -1006,6 +1009,9 @@ _uaf_parser_parse_asm_response_discover_client(char **asm_response_list, int len
 	return available_authenticators;
 
 CATCH:
+	SAFE_DELETE(auth_info);
+	SAFE_DELETE(auth_idx_str);
+	SAFE_DELETE(version);
 	return NULL;
 }
 
diff --git a/server/fido_server.c b/server/fido_server.c
index a036116..ebff8f0 100755
--- a/server/fido_server.c
+++ b/server/fido_server.c
@@ -541,7 +541,10 @@ __copy_convert_uaf_trans_list(GList *uaf_tr_list)
 		asm_tr->content_type = __dup_string(uaf_tr->content_type);
 		if (uaf_tr->display_charac != NULL) {
 			asm_tr->display_charac = calloc(1, sizeof(_fido_asm_display_png_characteristics_descriptor_t));
-			RET_IF_FAIL(asm_tr->display_charac != NULL, NULL);
+			if(asm_tr->display_charac == NULL) {
+				SAFE_DELETE(asm_tr);
+				return NULL;
+			}
 			asm_tr->display_charac->bit_depth = uaf_tr->display_charac->bit_depth;
 			asm_tr->display_charac->color_type = uaf_tr->display_charac->color_type;
 			asm_tr->display_charac->compression = uaf_tr->display_charac->compression;
@@ -557,7 +560,11 @@ __copy_convert_uaf_trans_list(GList *uaf_tr_list)
 					fido_rgb_pallette_entry_s *uaf_plte_entry = (fido_rgb_pallette_entry_s*)(uaf_plte_iter->data);
 
 					fido_rgb_pallette_entry_s *asm_plte_entry = calloc(1, sizeof(fido_rgb_pallette_entry_s));
-					RET_IF_FAIL(asm_plte_entry != NULL, NULL);
+					if(asm_plte_entry == NULL) {
+						SAFE_DELETE(asm_tr->display_charac);
+						SAFE_DELETE(asm_tr);
+						return NULL;
+					}
 					asm_plte_entry->r = uaf_plte_entry->r;
 					asm_plte_entry->g = uaf_plte_entry->g;
 					asm_plte_entry->b = uaf_plte_entry->b;
diff --git a/server/fido_uaf_policy_checker.c b/server/fido_uaf_policy_checker.c
index 4abb312..ece286c 100755
--- a/server/fido_uaf_policy_checker.c
+++ b/server/fido_uaf_policy_checker.c
@@ -546,7 +546,7 @@ _policy_checker_get_matched_auth_list(_policy_t *policy, GList *auth_list)
 				continue;
 
 			_matched_auth_data_t *matched_auth_data_new = (_matched_auth_data_t*) calloc(1, sizeof(_matched_auth_data_t));
-
+			RET_IF_FAIL(matched_auth_data_new != NULL, NULL);
 			matched_auth_data_new->auth_index = _SAFE_DUP(matched_auth_data->auth_index);
 			matched_auth_data_new->att_type = matched_auth_data->att_type;
 			matched_auth_data_new->asm_id = _SAFE_DUP(matched_auth_data->asm_id);
@@ -560,7 +560,10 @@ _policy_checker_get_matched_auth_list(_policy_t *policy, GList *auth_list)
 			for (; allowed_list_iter_next != NULL; allowed_list_iter_next = allowed_list_iter_next->next) {
 
 				_matched_auth_data_t *matched_auth_data_nxt = (_matched_auth_data_t*)allowed_list_iter_next->data;
-				RET_IF_FAIL(matched_auth_data_nxt != NULL, NULL);
+				if(matched_auth_data_nxt == NULL){
+					SAFE_DELETE(matched_auth_data_new);
+					return NULL;
+				}
 				if (strcmp(matched_auth_data_nxt->asm_id, matched_auth_data->asm_id) == 0) {
 					if (strcmp(matched_auth_data_nxt->auth_index, matched_auth_data->auth_index) == 0) {
 
-- 
2.7.4