From 60972a666f1479aef4f7143f1b86993d39f8c7f3 Mon Sep 17 00:00:00 2001
From: "js126.lee"
Date: Fri, 4 Nov 2016 16:05:04 +0900
Subject: [PATCH] Resolve svace defect related to provisioningclient.c and pbkdf2.c
Patch 1 : fix defect on provisioningclient.c
Patch 2,3 : fix defect on pbkdf2.c
Patch 4 : Retrigger Jenkins
Change-Id: I8fb6993639efca6fa8f7bfd861a46fe26b3d6269
Signed-off-by: js126.lee
Reviewed-on: https://gerrit.iotivity.org/gerrit/14023
Tested-by: jenkins-iotivity
Reviewed-by: dongik Lee
Reviewed-by: Chul Lee
Reviewed-by: Randeep Singh
(cherry picked from commit 60aa05472ff9e2188a391cea043c3392c2f705d2)
Reviewed-on: https://gerrit.iotivity.org/gerrit/14099
---
 .../security/provisioning/sample/provisioningclient.c | 15 ++++++++++++++-
 resource/csdk/security/src/pbkdf2.c | 4 ++--
 2 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/resource/csdk/security/provisioning/sample/provisioningclient.c b/resource/csdk/security/provisioning/sample/provisioningclient.c
index 3ac3463..45dc3f5 100644
--- a/resource/csdk/security/provisioning/sample/provisioningclient.c
+++ b/resource/csdk/security/provisioning/sample/provisioningclient.c
@@ -1722,9 +1722,22 @@ static OicSecAcl_t* createSimpleAcl(const OicUuid_t uuid)
 size_t arrLen = 1;
 rsrc->typeLen = arrLen;
 rsrc->types = (char**)OICCalloc(arrLen, sizeof(char*));
+ if(!rsrc->types)
+ {
+ OIC_LOG(DEBUG, TAG, "OICCalloc error return");
+ OCDeleteACLList(acl);
+ return NULL;
+ }
+ rsrc->types[0] = OICStrdup(""); // ignore
+ rsrc->interfaceLen = 1;
 rsrc->interfaces = (char**)OICCalloc(arrLen, sizeof(char*));
- rsrc->types[0] = OICStrdup(""); // ignore
+ if(!rsrc->interfaces)
+ {
+ OIC_LOG(DEBUG, TAG, "OICCalloc error return");
+ OCDeleteACLList(acl);
+ return NULL;
+ }
 rsrc->interfaces[0] = OICStrdup("oic.if.baseline"); // ignore
 LL_APPEND(ace->resources, rsrc);
diff --git a/resource/csdk/security/src/pbkdf2.c b/resource/csdk/security/src/pbkdf2.c
index 785234a..b98c51b 100644
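Review bot: Both new early-return branches call `OCDeleteACLList(acl)` before `rsrc` is linked in by `LL_APPEND(ace->resources, rsrc)` at the end of the hunk, so unless `rsrc` is reachable from `acl` some other way (its allocation is outside the hunk), `rsrc` leaks on the first branch and `rsrc`, `rsrc->types` and `rsrc->types[0]` leak on the second. Release them before the list teardown, for example `OICFree(rsrc);` in the first branch and `OICFree(rsrc->types[0]); OICFree(rsrc->types); OICFree(rsrc);` in the second. The two `OICStrdup` results are still stored unchecked (`// ignore`), so if that call can fail it leaves a NULL entry behind a length of 1; an `if(!rsrc->types[0])` guard (and the same for `interfaces[0]`) on the same error path would close that. createSimpleAcl begins and ends outside the hunk.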
--- a/resource/csdk/security/src/pbkdf2.c
+++ b/resource/csdk/security/src/pbkdf2.c
@@ -75,8 +75,8 @@ int DeriveCryptoKeyFromPassword(const unsigned char *passwd, size_t pLen,
 const size_t keyLen, uint8_t *derivedKey)
 {
 int res = 0;
- uint8_t buf[DTLS_HMAC_DIGEST_SIZE];
- uint8_t uBuf[DTLS_HMAC_DIGEST_SIZE];
+ uint8_t buf[DTLS_HMAC_DIGEST_SIZE] = {0,};
+ uint8_t uBuf[DTLS_HMAC_DIGEST_SIZE] = {0,};
 size_t nBlocks = 0;
 size_t nOctetInLastBlock = 0;
--
2.7.4
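Review bot: The stack buffers `buf` and `uBuf` zero-initialised here are, judging by the function name and their `DTLS_HMAC_DIGEST_SIZE` length, scratch space for key-derivation output, and nothing in the hunk shows them being wiped before the function returns. Initialising at declaration quiets the analyzer but leaves that intermediate key material on the stack afterwards; if the rest of the body (outside the hunk) does not already clear them, add a wipe on every exit path using a routine the compiler cannot drop (e.g. `explicit_bzero` where available), since a plain `memset` before return may be optimised away. As a style point, `= {0,}` can be written `= {0}`.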