From 94bef05f80290f8fecf18cbcb75ac76f6d25e766 Mon Sep 17 00:00:00 2001
From: Oleksii Beketov <ol.beketov@samsung.com>
Date: Thu, 16 Feb 2017 12:59:27 +0200
Subject: [PATCH] Security and connectivity defects fix

Some minor defects (NULL checks and double frees) fixed.

Change-Id: I066a238a9379d45d1f377cc5a144c0bc0a97ccb7
Signed-off-by: Oleksii Beketov <ol.beketov@samsung.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/17039
Reviewed-by: Dmitriy Zhuravlev <d.zhuravlev@samsung.com>
Tested-by: jenkins-iotivity <jenkins@iotivity.org>
Reviewed-by: Randeep Singh <randeep.s@samsung.com>
Signed-off-by: Oleksii Beketov <ol.beketov@samsung.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/17319
---
 .../connectivity/src/adapter_util/caadapterutils.c |  4 +++
 resource/csdk/security/src/credresource.c          |  8 +++--
 resource/csdk/security/src/crlresource.c           | 35 +++++++++++++---------
 3 files changed, 30 insertions(+), 17 deletions(-)

diff --git a/resource/csdk/connectivity/src/adapter_util/caadapterutils.c b/resource/csdk/connectivity/src/adapter_util/caadapterutils.c
index 8c332f5..da22fbd 100644
--- a/resource/csdk/connectivity/src/adapter_util/caadapterutils.c
+++ b/resource/csdk/connectivity/src/adapter_util/caadapterutils.c
@@ -189,6 +189,10 @@ CAResult_t CAConvertNameToAddr(const char *host, uint16_t port, struct sockaddr_
     int r = getaddrinfo(host, NULL, &hints, &addrs);
     if (r)
     {
+        if (NULL != addrs)
+        {
+            freeaddrinfo(addrs);
+        }
 #if defined(EAI_SYSTEM)
         if (EAI_SYSTEM == r)
         {
diff --git a/resource/csdk/security/src/credresource.c b/resource/csdk/security/src/credresource.c
index ff3677a..81a4c42 100755
--- a/resource/csdk/security/src/credresource.c
+++ b/resource/csdk/security/src/credresource.c
@@ -872,13 +872,16 @@ OCStackResult CBORPayloadToCred(const uint8_t *cborPayload, size_t size,
         return OC_STACK_ERROR;
     }
 
-    OicSecCred_t *headCred = (OicSecCred_t *) OICCalloc(1, sizeof(OicSecCred_t));
+    OicSecCred_t *headCred = NULL;
 
     // Enter CRED Root Map
     CborValue CredRootMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
     cborFindResult = cbor_value_enter_container(&credCbor, &CredRootMap);
     VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering CRED Root Map.");
 
+    headCred = (OicSecCred_t *) OICCalloc(1, sizeof(OicSecCred_t));
+    VERIFY_NOT_NULL(TAG, headCred, ERROR);
+
     while (cbor_value_is_valid(&CredRootMap))
     {
         char* tagName = NULL;
@@ -918,6 +921,7 @@ OCStackResult CBORPayloadToCred(const uint8_t *cborPayload, size_t size,
                     else
                     {
                         cred = (OicSecCred_t *) OICCalloc(1, sizeof(OicSecCred_t));
+                        VERIFY_NOT_NULL(TAG, cred, ERROR);
                         OicSecCred_t *temp = headCred;
                         while (temp->next)
                         {
@@ -926,8 +930,6 @@ OCStackResult CBORPayloadToCred(const uint8_t *cborPayload, size_t size,
                         temp->next = cred;
                     }
 
-                    VERIFY_NOT_NULL(TAG, cred, ERROR);
-
                     while(cbor_value_is_valid(&credMap) && cbor_value_is_text_string(&credMap))
                     {
                         char* name = NULL;
diff --git a/resource/csdk/security/src/crlresource.c b/resource/csdk/security/src/crlresource.c
index be82012..4b3c9cc 100644
--- a/resource/csdk/security/src/crlresource.c
+++ b/resource/csdk/security/src/crlresource.c
@@ -363,23 +363,30 @@ OCStackResult CrlToCBORPayload(const OicSecCrl_t *crl, uint8_t **payload, size_t
     ret = OC_STACK_OK;
 
 exit:
-    if ((CborErrorOutOfMemory == cborEncoderResult) && (cborLen < CBOR_MAX_SIZE))
-    {
-        // reallocate and try again!
-        OICFree(outPayload);
-        // Since the allocated initial memory failed, double the memory.
-        cborLen += cbor_encoder_get_buffer_size(&encoder, encoder.end);
-        cborEncoderResult = CborNoError;
-        ret = CrlToCBORPayload(crl, payload, &cborLen, lastUpdate);
-    }
-
     if ((CborNoError != cborEncoderResult) || (OC_STACK_OK != ret))
     {
         OICFree(outPayload);
-        outPayload = NULL;
-        *payload = NULL;
-        *size = 0;
-        ret = OC_STACK_ERROR;
+        if ((CborErrorOutOfMemory == cborEncoderResult) && (cborLen < CBOR_MAX_SIZE))
+        {
+            // Since the allocated initial memory failed, double the memory.
+            cborLen += cbor_encoder_get_buffer_size(&encoder, encoder.end);
+            cborEncoderResult = CborNoError;
+            ret = CrlToCBORPayload(crl, payload, &cborLen, lastUpdate);
+            if (OC_STACK_OK != ret)
+            {
+                outPayload = NULL;
+                *payload = NULL;
+                *size = 0;
+                ret = OC_STACK_ERROR;
+            }
+        }
+        else
+        {
+            outPayload = NULL;
+            *payload = NULL;
+            *size = 0;
+            ret = OC_STACK_ERROR;
+        }
     }
 
     return ret;
-- 
2.7.4