From bbe6ea7b93285c7c35291a6db4b5da9aa57cf550 Mon Sep 17 00:00:00 2001
From: Mandeep Shetty
Date: Tue, 17 Mar 2015 13:55:11 -0700
Subject: [PATCH] Klockwork fixes on C samples

Send MAX_HEADER_OPTION_DATA_LENGTH as buffer size to avoid array bounds violation by potentially sending a larger size contained in the optionLength field in received headers.

Change-Id: If9f6ea0688298a2ba7723db67f5082509fad1d5f
Signed-off-by: Mandeep Shetty
Reviewed-on: https://gerrit.iotivity.org/gerrit/493
Tested-by: jenkins-iotivity
Reviewed-by: Erich Keane
---
 resource/csdk/stack/samples/linux/SimpleClientServer/occlient.cpp | 3 ++-
 .../csdk/stack/samples/linux/SimpleClientServer/occlientbasicops.cpp | 3 ++-
 resource/csdk/stack/samples/linux/SimpleClientServer/occlientslow.cpp | 3 ++-
 resource/csdk/stack/samples/linux/SimpleClientServer/ocserver.cpp | 3 ++-
 4 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/resource/csdk/stack/samples/linux/SimpleClientServer/occlient.cpp b/resource/csdk/stack/samples/linux/SimpleClientServer/occlient.cpp
index 9dce85f..3ed35e2 100644
--- a/resource/csdk/stack/samples/linux/SimpleClientServer/occlient.cpp
+++ b/resource/csdk/stack/samples/linux/SimpleClientServer/occlient.cpp
@@ -230,8 +230,9 @@ OCStackApplicationResult getReqCB(void* ctx, OCDoHandle handle, OCClientResponse
 {
 OC_LOG_V(INFO, TAG, "Received option with OC_COAP_ID and ID %u with",
 ((OCHeaderOption)rcvdOptions[i]).optionID );
+
 OC_LOG_BUFFER(INFO, TAG, ((OCHeaderOption)rcvdOptions[i]).optionData,
- ((OCHeaderOption)rcvdOptions[i]).optionLength);
+ MAX_HEADER_OPTION_DATA_LENGTH);
 }
 }
 }
diff --git a/resource/csdk/stack/samples/linux/SimpleClientServer/occlientbasicops.cpp b/resource/csdk/stack/samples/linux/SimpleClientServer/occlientbasicops.cpp
index e126035..1f6051d 100644
--- a/resource/csdk/stack/samples/linux/SimpleClientServer/occlientbasicops.cpp
+++ b/resource/csdk/stack/samples/linux/SimpleClientServer/occlientbasicops.cpp
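Review bot: In the occlient.cpp hunk (getReqCB), passing `MAX_HEADER_OPTION_DATA_LENGTH` to `OC_LOG_BUFFER` removes the over-read but now dumps the whole `optionData` array for every option, so bytes past the received `optionLength` (stale or uninitialised data, as far as the hunk shows) end up in the INFO log. Clamp the received length instead of discarding it: take `optionLength` into a local `len`, add `if (len > MAX_HEADER_OPTION_DATA_LENGTH) len = MAX_HEADER_OPTION_DATA_LENGTH;`, and pass `len`. The same applies to the identical hunks in occlientbasicops.cpp, occlientslow.cpp and ocserver.cpp. A one-line comment above the call, such as `// optionLength comes from the peer; never log more than the buffer holds`, would record why the bound exists. The enclosing functions start and end outside the hunks.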
@@ -207,8 +207,9 @@ OCStackApplicationResult getReqCB(void* ctx, OCDoHandle handle,
 {
 OC_LOG_V(INFO, TAG, "Received option with OC_COAP_ID and ID %u with",
 ((OCHeaderOption)rcvdOptions[i]).optionID );
+
 OC_LOG_BUFFER(INFO, TAG, ((OCHeaderOption)rcvdOptions[i]).optionData,
- ((OCHeaderOption)rcvdOptions[i]).optionLength);
+ MAX_HEADER_OPTION_DATA_LENGTH);
 }
 }
 }
diff --git a/resource/csdk/stack/samples/linux/SimpleClientServer/occlientslow.cpp b/resource/csdk/stack/samples/linux/SimpleClientServer/occlientslow.cpp
index a31b9c7..6a9a66e 100644
--- a/resource/csdk/stack/samples/linux/SimpleClientServer/occlientslow.cpp
+++ b/resource/csdk/stack/samples/linux/SimpleClientServer/occlientslow.cpp
@@ -116,8 +116,9 @@ OCStackApplicationResult getReqCB(void* ctx, OCDoHandle handle, OCClientResponse
 {
 OC_LOG_V(INFO, TAG, "Received option with OC_COAP_ID and ID %u with",
 ((OCHeaderOption)rcvdOptions[i]).optionID );
+
 OC_LOG_BUFFER(INFO, TAG, ((OCHeaderOption)rcvdOptions[i]).optionData,
- ((OCHeaderOption)rcvdOptions[i]).optionLength);
+ MAX_HEADER_OPTION_DATA_LENGTH);
 }
 }
 }
diff --git a/resource/csdk/stack/samples/linux/SimpleClientServer/ocserver.cpp b/resource/csdk/stack/samples/linux/SimpleClientServer/ocserver.cpp
index dbfeec7..acd3f13 100644
--- a/resource/csdk/stack/samples/linux/SimpleClientServer/ocserver.cpp
+++ b/resource/csdk/stack/samples/linux/SimpleClientServer/ocserver.cpp
@@ -591,8 +591,9 @@ OCEntityHandlerCb (OCEntityHandlerFlag flag,
 {
 OC_LOG_V(INFO, TAG, "Received option with OC_COAP_ID and ID %u with",
 ((OCHeaderOption)rcvdOptions[i]).optionID );
+
 OC_LOG_BUFFER(INFO, TAG, ((OCHeaderOption)rcvdOptions[i]).optionData,
- ((OCHeaderOption)rcvdOptions[i]).optionLength);
+ MAX_HEADER_OPTION_DATA_LENGTH);
 }
 }
 OCHeaderOption * sendOptions = response.sendVendorSpecificHeaderOptions;
-- 
2.7.4