From 69232f8aada438da9b66ec1354307efeaf7e0b3d Mon Sep 17 00:00:00 2001
From: Aleksey Volkov
Date: Thu, 5 Sep 2019 20:22:22 +0300
Subject: [PATCH] svace fixes
https://github.sec.samsung.net/RS7-IOTIVITY/IoTivity/commit/dfdaf037df98fbd0c8b659fccdfe0384bb466547
(cherry-picked from dfdaf037df98fbd0c8b659fccdfe0384bb466547)
Change-Id: Ic0361d29c7bc8f0aa4708ec103728e968b430a42
Signed-off-by: Aleksey Volkov
Signed-off-by: Sudipto
---
 .../src/adapter_util/ca_adapter_net_ssl.c | 4 ++++
 .../src/multipleownershiptransfermanager.c | 3 +++
 .../provisioning/src/ownershiptransfermanager.c | 8 +++++++-
 resource/csdk/security/provisioning/src/pmutility.c | 1 +
 .../provisioning/src/provisioningdatabasemanager.c | 9 ++++-----
 .../provisioning/src/secureresourceprovider.c | 21 ++++++++++++++++++++-
 resource/csdk/security/src/amaclresource.c | 1 +
 resource/csdk/security/src/credresource.c | 1 +
 resource/csdk/security/src/crlresource.c | 5 ++++-
 resource/csdk/security/src/oxmpincommon.c | 2 ++
 resource/csdk/security/src/pconfresource.c | 2 +-
 resource/csdk/security/src/psinterface.c | 1 +
 12 files changed, 49 insertions(+), 9 deletions(-)
diff --git a/resource/csdk/connectivity/src/adapter_util/ca_adapter_net_ssl.c b/resource/csdk/connectivity/src/adapter_util/ca_adapter_net_ssl.c
index 966b2a4..ce4765a 100644
--- a/resource/csdk/connectivity/src/adapter_util/ca_adapter_net_ssl.c
+++ b/resource/csdk/connectivity/src/adapter_util/ca_adapter_net_ssl.c
@@ -928,6 +928,10 @@ static int ParseChain(mbedtls_x509_crt * crt, unsigned char * buf, size_t bufLen
 else
 {
 unsigned char * lastCert = (unsigned char *)OICMalloc((len + 1) * sizeof(unsigned char));
+ if (lastCert == NULL)
+ {
+ goto exit;
+ }
 memcpy(lastCert, buf + pos, len);
 lastCert[len] = 0x00;
 ret = mbedtls_x509_crt_parse(crt, lastCert, len + 1);
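Review bot: The new allocation-failure branch in ParseChain (`if (lastCert == NULL) { goto exit; }`) leaves `ret` at whatever value earlier processing produced and logs nothing. The `exit` label and the initial value of `ret` are outside the hunk, so this is unconfirmed, but if `ret` still reads as success at that point the caller would treat a partially parsed certificate chain as complete. Assigning `ret` a failure value before `goto exit;` and adding a line such as `OIC_LOG(ERROR, TAG, "Failed to allocate memory for certificate");` would make the out-of-memory case fail closed.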
diff --git a/resource/csdk/security/provisioning/src/multipleownershiptransfermanager.c b/resource/csdk/security/provisioning/src/multipleownershiptransfermanager.c
index 962e651..07b492e 100644
--- a/resource/csdk/security/provisioning/src/multipleownershiptransfermanager.c
+++ b/resource/csdk/security/provisioning/src/multipleownershiptransfermanager.c
@@ -904,6 +904,7 @@ static OCStackResult PostSubOwnerCredential(OTMContext_t* motCtx)
 newCredential.eownerID = OICCalloc(1, sizeof(OicUuid_t));
 if(NULL == newCredential.eownerID)
 {
+ OICFree(secPayload);
 return OC_STACK_NO_MEMORY;
 }
 }
@@ -1089,6 +1090,7 @@ static OCStackResult StartMultipleOwnershipTransfer(OTMContext_t* motCtx,
 if(OC_STACK_OK != res)
 {
 OIC_LOG(ERROR, TAG, "Failed to convert UUID to str");
+ OICFree(strUuid);
 SetMOTResult(motCtx, res);
 return res;
 }
@@ -1104,6 +1106,7 @@ static OCStackResult StartMultipleOwnershipTransfer(OTMContext_t* motCtx,
 OIC_LOG(ERROR, TAG, "Internal error in PDMDeleteDevice");
 OICFree(strUuid);
 SetMOTResult(motCtx, res);
+ return res;
 }
 }
 else if(PDM_DEVICE_INIT == deviceState)
diff --git a/resource/csdk/security/provisioning/src/ownershiptransfermanager.c b/resource/csdk/security/provisioning/src/ownershiptransfermanager.c
index 986cadb..4a9021a 100644
--- a/resource/csdk/security/provisioning/src/ownershiptransfermanager.c
+++ b/resource/csdk/security/provisioning/src/ownershiptransfermanager.c
@@ -853,7 +853,12 @@ static OCStackResult SaveOwnerPSK(OCProvisionDev_t *selectedDeviceInfo)
 OICFree( cred->privateData.data );
 cred->privateData.data = (uint8_t *)OICCalloc(1, outSize + 1);
- VERIFY_NON_NULL(TAG, cred->privateData.data, ERROR);
+ if (cred->privateData.data == NULL)
+ {
+ OICFree(b64Buf);
+ res = OC_STACK_ERROR;
+ goto exit;
+ }
 strncpy((char*)(cred->privateData.data), b64Buf, outSize);
 cred->privateData.data[outSize] = '\0';
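Review bot: In SaveOwnerPSK the new failure branch releases `b64Buf` with a plain `OICFree(b64Buf);`, and judging by the function name and the `strncpy` into `cred->privateData.data` just below, that buffer appears to hold the base64 form of the owner PSK. Clearing it before the free (for example with `OICClearMemory`, if this tree provides it) would keep key material out of recycled heap; the buffer's size is declared outside the hunk. The branch also reports `OC_STACK_ERROR` where the other allocation checks in this patch return `OC_STACK_NO_MEMORY`, so `res = OC_STACK_NO_MEMORY;` would be more consistent. The function body continues outside the hunk.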
@@ -1585,6 +1590,7 @@ static OCStackResult PostOwnerCredential(OTMContext_t* otmCtx)
 if(!ownerCredential)
 {
 OIC_LOG(ERROR, TAG, "Can not find OwnerPSK.");
+ OICFree(secPayload);
 return OC_STACK_NO_RESOURCE;
 }
diff --git a/resource/csdk/security/provisioning/src/pmutility.c b/resource/csdk/security/provisioning/src/pmutility.c
index 4c72d5f..444ec43 100644
--- a/resource/csdk/security/provisioning/src/pmutility.c
+++ b/resource/csdk/security/provisioning/src/pmutility.c
@@ -488,6 +488,7 @@ bool PMGenerateQuery(bool isSecure,
 {
 case CT_ADAPTER_TCP:
 prefix = (isSecure == true) ? COAPS_TCP_PREFIX : COAP_TCP_PREFIX;
+ /*FALLTHROUGH*/
 case CT_ADAPTER_IP:
 switch(connType & CT_MASK_FLAGS & ~CT_FLAG_SECURE)
 {
diff --git a/resource/csdk/security/provisioning/src/provisioningdatabasemanager.c b/resource/csdk/security/provisioning/src/provisioningdatabasemanager.c
index c774b76..93ce7de 100644
--- a/resource/csdk/security/provisioning/src/provisioningdatabasemanager.c
+++ b/resource/csdk/security/provisioning/src/provisioningdatabasemanager.c
@@ -323,7 +323,7 @@ OCStackResult OTMStart(const OicUuid_t *uuid, const OicUuid_t *owner)
 sqlite3_finalize(stmt);
 OIC_LOG_V(DEBUG, TAG, "OUT %s", __func__);
- return OC_STACK_OK;
+ return ret;
 }
 OCStackResult OTMSetState(const OicUuid_t *uuid, int state)
@@ -393,12 +393,11 @@ OCStackResult OTMGetState(const OicUuid_t *uuid, int *state)
 res = sqlite3_bind_text(stmt, 1, uuidStr, strlen(uuidStr), SQLITE_TRANSIENT);
 PDM_VERIFY_SQLITE_OK(TAG, res, NULL, ERROR, OC_STACK_ERROR);
- while (SQLITE_ROW == sqlite3_step(stmt))
+ if (SQLITE_ROW == sqlite3_step(stmt))
 {
 *state = sqlite3_column_int(stmt, 1);
 OIC_LOG_V(DEBUG, TAG, "%s state is %d", uuidStr, *state);
 ret = OC_STACK_OK;
- break;
 }
 OICFree(uuidStr);
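Review bot: In OTMGetState the bind check `PDM_VERIFY_SQLITE_OK(TAG, res, NULL, ERROR, OC_STACK_ERROR);` passes `NULL` where getIdForUUID and getUUIDforId pass `stmt`, so a failed `sqlite3_bind_text` presumably returns without finalizing the statement, and `uuidStr` is not released on that path either. The macro is defined outside the hunk, so this needs confirming, but it is the same class of leak the rest of the patch fixes. Passing `stmt` and freeing `uuidStr` before the early return would close it. Separately, the new `if (SQLITE_ROW == sqlite3_step(stmt))` treats every other step result, including errors, as "no row".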
@@ -474,7 +473,7 @@ static OCStackResult getIdForUUID(const OicUuid_t *UUID , int *id)
 res = sqlite3_prepare_v2(g_db, sqlStat, (int)sizeof(sqlStat), &stmt, 0);
 PDM_VERIFY_SQLITE_OK(TAG, res, stmt, ERROR, OC_STACK_ERROR);
- while (SQLITE_ROW == sqlite3_step(stmt))
+ if (SQLITE_ROW == sqlite3_step(stmt))
 {
 int tempId = sqlite3_column_int(stmt, PDM_FIRST_INDEX);
 OIC_LOG_V(DEBUG, TAG, "ID is %d", tempId);
@@ -841,7 +840,7 @@ static OCStackResult getUUIDforId(int id, OicUuid_t *uid, bool *result)
 res = sqlite3_bind_int(stmt, PDM_BIND_INDEX_FIRST, id);
 PDM_VERIFY_SQLITE_OK(TAG, res, stmt, ERROR, OC_STACK_ERROR);
- while (SQLITE_ROW == sqlite3_step(stmt))
+ if (SQLITE_ROW == sqlite3_step(stmt))
 {
 const void *ptr = sqlite3_column_blob(stmt, PDM_FIRST_INDEX);
 memcpy(uid, ptr, sizeof(OicUuid_t));
diff --git a/resource/csdk/security/provisioning/src/secureresourceprovider.c b/resource/csdk/security/provisioning/src/secureresourceprovider.c
index 081cccd..b93fc0a 100644
--- a/resource/csdk/security/provisioning/src/secureresourceprovider.c
+++ b/resource/csdk/security/provisioning/src/secureresourceprovider.c
@@ -586,7 +586,12 @@ OCStackResult SRPSaveTrustCertChain(uint8_t *trustCertChain, size_t chainSize,
 }
 cred->credUsage= (char *)OICCalloc(1, strlen(TRUST_CA)+1 );
- VERIFY_NON_NULL_RET(TAG, cred->credUsage, ERROR, OC_STACK_NO_MEMORY);
+ if (cred->credUsage == NULL)
+ {
+ OIC_LOG_V(ERROR, TAG, "%s cant alloc credUsage", __func__);
+ OICFree(cred);
+ return OC_STACK_NO_MEMORY;
+ }
 OICStrcpy(cred->credUsage, strlen(TRUST_CA) + 1, TRUST_CA);
 cred->credType = SIGNED_ASYMMETRIC_KEY;
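Review bot: In getUUIDforId the row branch copies `sizeof(OicUuid_t)` bytes from `sqlite3_column_blob(stmt, PDM_FIRST_INDEX)` without checking the returned pointer or the stored length. A NULL or shorter blob in the provisioning database makes the `memcpy` read from NULL or past the end of the column data. Guard the copy with `if (ptr && sqlite3_column_bytes(stmt, PDM_FIRST_INDEX) >= (int)sizeof(OicUuid_t))` and treat anything else as a lookup failure. The rest of the function is outside the hunk.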
@@ -657,6 +662,12 @@ OCStackResult SRPSaveOwnCertChain(OicSecKey_t * cert, OicSecKey_t * key, uint16_
 cred->credUsage= (char *)OICCalloc(1, strlen(PRIMARY_CERT)+1 );
 VERIFY_NON_NULL_RET(TAG, cred->credUsage, ERROR, OC_STACK_NO_MEMORY);
+ if (cred->credUsage == NULL)
+ {
+ OIC_LOG_V(ERROR, TAG, "%s cant alloc credUsage", __func__);
+ OICFree(cred);
+ return OC_STACK_NO_MEMORY;
+ }
 OICStrcpy(cred->credUsage, strlen(PRIMARY_CERT) + 1, PRIMARY_CERT) ;
 cred->credType = SIGNED_ASYMMETRIC_KEY;
@@ -671,6 +682,12 @@ OCStackResult SRPSaveOwnCertChain(OicSecKey_t * cert, OicSecKey_t * key, uint16_
 OicSecKey_t *privateData = &cred->privateData;
 privateData->data = (uint8_t *)OICCalloc(1, key->len);
 VERIFY_NON_NULL_RET(TAG, privateData->data, ERROR, OC_STACK_NO_MEMORY);
+ if (privateData->data == NULL)
+ {
+ OIC_LOG_V(ERROR, TAG, "%s cant alloc publicData->data", __func__);
+ OICFree(publicData->data);
+ return OC_STACK_NO_MEMORY;
+ }
 memcpy(privateData->data, key->data, key->len);
 privateData->len = key->len;
 privateData->encoding = key->encoding;
@@ -1179,6 +1196,7 @@ static OCStackResult SendDeleteCredentialRequest(void* ctx,
 if (OC_STACK_OK != result)
 {
 OIC_LOG_V(ERROR, TAG, "SendDeleteCredentialRequest : encoding error %d\n", result);
+ OICFree(subID);
 return OC_STACK_ERROR;
 }
@@ -1254,6 +1272,7 @@ static OCStackResult SendDeleteACLRequest(void* ctx,
 destDev->endpoint.addr);
 if (OC_STACK_OK != result)
 {
+ OICFree(subID);
 OIC_LOG_V(ERROR, TAG, "SendDeleteCredentialRequest : encoding error %d\n", result);
 return OC_STACK_ERROR;
 }
diff --git a/resource/csdk/security/src/amaclresource.c b/resource/csdk/security/src/amaclresource.c
index ca0be5c..b99b967 100644
--- a/resource/csdk/security/src/amaclresource.c
+++ b/resource/csdk/security/src/amaclresource.c
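Review bot: The NULL check added after the `cred->credUsage` allocation in SRPSaveOwnCertChain can never run, because the `VERIFY_NON_NULL_RET(TAG, cred->credUsage, ERROR, OC_STACK_NO_MEMORY);` line above it was kept and, going by its name and by its replacement in SRPSaveTrustCertChain, already returns on NULL. `cred` therefore still leaks on this path. Delete the macro line, as was done in SRPSaveTrustCertChain. The next hunk in this function (the `privateData->data` allocation) has the same leftover macro in front of its new check.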
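Review bot: The cleanup in the `privateData->data` failure branch of SRPSaveOwnCertChain is incomplete: it frees only `publicData->data`, so `cred` and `cred->credUsage` are still leaked, and the log text names `publicData->data` although the failed allocation is `privateData->data`. The retained `VERIFY_NON_NULL_RET` line above the branch also has to be removed for it to be reachable. Other members of `cred` allocated outside the hunk may need releasing as well; if the file has a credential-freeing helper, calling it would be safer than freeing fields one by one.

```c
    privateData->data = (uint8_t *)OICCalloc(1, key->len);
    if (privateData->data == NULL)
    {
        OIC_LOG_V(ERROR, TAG, "%s cant alloc privateData->data", __func__);
        OICFree(publicData->data);
        OICFree(cred->credUsage);
        OICFree(cred);
        return OC_STACK_NO_MEMORY;
    }
    // … unchanged: copy of key->data, len and encoding into privateData …
```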
@@ -255,6 +255,7 @@ OCStackResult CBORPayloadToAmacl(const uint8_t *cborPayload, size_t size,
 cbor_parser_init(cborPayload, size, 0, &parser, &amaclCbor);
 OicSecAmacl_t *headAmacl = (OicSecAmacl_t *)OICCalloc(1, sizeof(OicSecAmacl_t));
+ VERIFY_NON_NULL(TAG, headAmacl, ERROR);
 CborValue amaclMap = { .parser = NULL };
 cborFindResult = cbor_value_enter_container(&amaclCbor, &amaclMap);
diff --git a/resource/csdk/security/src/credresource.c b/resource/csdk/security/src/credresource.c
index 0bdaa5f..40aab22 100644
--- a/resource/csdk/security/src/credresource.c
+++ b/resource/csdk/security/src/credresource.c
@@ -2619,6 +2619,7 @@ int32_t GetDtlsPskCredentials(CADtlsPskCredType_t type,
 if(B64_OK != b64Decode((char*)wildCardCred->privateData.data, wildCardCred->privateData.len, pinBuffer, pinBufSize, &pinLength))
 {
 OIC_LOG (ERROR, TAG, "Failed to base64 decoding.");
+ OICFree(pinBuffer);
 return ret;
 }
 }
diff --git a/resource/csdk/security/src/crlresource.c b/resource/csdk/security/src/crlresource.c
index 5a0397a..222bb0b 100644
--- a/resource/csdk/security/src/crlresource.c
+++ b/resource/csdk/security/src/crlresource.c
@@ -761,7 +761,10 @@ uint8_t *GetCrl()
 if (OC_STACK_OK == GetSecureVirtualDatabaseFromPS(OIC_CBOR_CRL_NAME, &data, &size) && data && OC_STACK_OK == CBORPayloadToCrl(data, size, &crl))
 {
- return crl->CrlData.data;
+ uint8_t *res = OICMalloc(crl->CrlData.len);
+ memcpy(res, crl->CrlData.data, crl->CrlData.len);
+ DeleteCrl(crl);
+ return res;
 }
 return NULL;
 }
diff --git a/resource/csdk/security/src/oxmpincommon.c b/resource/csdk/security/src/oxmpincommon.c
index 4908451..9725b74 100644
--- a/resource/csdk/security/src/oxmpincommon.c
+++ b/resource/csdk/security/src/oxmpincommon.c
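Review bot: `pinBuffer` in GetDtlsPskCredentials is the decode target for the PIN stored in `wildCardCred->privateData`, and the added `OICFree(pinBuffer);` returns it to the heap without clearing it. After a failed `b64Decode` the buffer may still hold partially decoded PIN bytes; how b64Decode behaves on error is not shown here. Clearing `pinBufSize` bytes before the free, e.g. `OICClearMemory(pinBuffer, pinBufSize);` if this tree provides it, would avoid that. The same applies to the two `OICFree(pinBuffer);` additions in oxmpincommon.c (GetDtlsPskForPreconfPinOxm and GetDtlsPskForMotPreconfPinOxm).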
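Review bot: The copy added to GetCrl passes the result of `OICMalloc(crl->CrlData.len)` straight to `memcpy` without a NULL check, so an allocation failure (or a zero-length CRL, if OICMalloc returns NULL for size 0) is dereferenced here. The change also alters the contract: GetCrl now returns a heap copy that the caller must free, and without a length, where it used to return a pointer owned by `crl`; the callers are outside the hunk and need checking. `data` obtained from GetSecureVirtualDatabaseFromPS is not released on any visible path, which may be a further leak if this function owns it.

```c
    // … unchanged: GetSecureVirtualDatabaseFromPS / CBORPayloadToCrl condition …
    {
        uint8_t *res = NULL;
        if (crl->CrlData.data != NULL && crl->CrlData.len > 0)
        {
            res = OICMalloc(crl->CrlData.len);
            if (res != NULL)
            {
                memcpy(res, crl->CrlData.data, crl->CrlData.len);
            }
        }
        DeleteCrl(crl);
        return res;
    }
```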
@@ -536,6 +536,7 @@ int32_t GetDtlsPskForPreconfPinOxm( CADtlsPskCredType_t type,
 if(B64_OK != b64Decode((char*)cred->privateData.data, cred->privateData.len, pinBuffer, pinBufSize, &pinLength))
 {
 OIC_LOG (ERROR, TAG, "Failed to base64 decoding.");
+ OICFree(pinBuffer);
 return ret;
 }
 }
@@ -636,6 +637,7 @@ int32_t GetDtlsPskForMotPreconfPinOxm( CADtlsPskCredType_t type,
 if(B64_OK != b64Decode((char*)cred->privateData.data, cred->privateData.len, pinBuffer, pinBufSize, &pinLength))
 {
 OIC_LOG (ERROR, TAG, "Failed to base64 decoding.");
+ OICFree(pinBuffer);
 return ret;
 }
 }
diff --git a/resource/csdk/security/src/pconfresource.c b/resource/csdk/security/src/pconfresource.c
index 3404a16..36b5295 100644
--- a/resource/csdk/security/src/pconfresource.c
+++ b/resource/csdk/security/src/pconfresource.c
@@ -525,7 +525,7 @@ OCStackResult CBORPayloadToPconf(const uint8_t *cborPayload, size_t size, OicSec
 uint8_t *pin = NULL;
 cborFindResult = cbor_value_dup_byte_string(&pconfMap, &pin, &len, NULL);
 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to get value");
- memcpy(pconf->pin.val, pin, len);
+ memcpy(pconf->pin.val, pin, len > 8 ? 8 : len);
 OICFree(pin);
 }
diff --git a/resource/csdk/security/src/psinterface.c b/resource/csdk/security/src/psinterface.c
index c24f05a..baba287 100644
--- a/resource/csdk/security/src/psinterface.c
+++ b/resource/csdk/security/src/psinterface.c
@@ -213,6 +213,7 @@ static OCStackResult getPlaintextFromDB(const OCPersistentStorage *ps, uint8_t *
 fp = ps->open(SVR_DB_DAT_FILE_NAME, "rb");
 if (NULL == fp)
 {
+ OICFree(plaintext);
 OIC_LOG(ERROR, TAG, "ps->open() Failed");
 return OC_STACK_ERROR;
 }
--
2.7.4
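Review bot: The bound in `memcpy(pconf->pin.val, pin, len > 8 ? 8 : len);` in CBORPayloadToPconf is a bare `8`, and an over-long PIN is silently truncated rather than rejected. This function parses a received CBOR payload, so a PIN of unexpected length is better treated as a malformed payload: free `pin` and take the function's error path when `len` exceeds the destination. If `pin.val` is an array (its declaration is outside the hunk), the limit should be written as `sizeof(pconf->pin.val)` so it cannot drift from the type.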