From cb4bbd915048862e87bb74604c8c6a362c46ec09 Mon Sep 17 00:00:00 2001
From: Sachin Agrawal <sachin.agrawal@intel.com>
Date: Wed, 22 Jul 2015 09:20:11 -0700
Subject: [PATCH] Fixed memory leak while sending the response in SRM

Dynamic memory was being allocated while forming the OCSecurityPayload
and was not freed. Also, updated code in ocserverrequest.c to replace
dynamic memory allocation with local variable on the function stack for
CAToken variable.

Change-Id: I4372fe46001c10cb68d069cae5916c8798913121
Signed-off-by: Sachin Agrawal <sachin.agrawal@intel.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/1815
Tested-by: jenkins-iotivity <jenkins-iotivity@opendaylight.org>
Reviewed-by: Erich Keane <erich.keane@intel.com>
---
 resource/csdk/security/src/resourcemanager.c |  6 ++++--
 resource/csdk/stack/src/ocserverrequest.c    | 10 ++--------
 2 files changed, 6 insertions(+), 10 deletions(-)

diff --git a/resource/csdk/security/src/resourcemanager.c b/resource/csdk/security/src/resourcemanager.c
index f167855..615dae4 100644
--- a/resource/csdk/security/src/resourcemanager.c
+++ b/resource/csdk/security/src/resourcemanager.c
@@ -48,12 +48,14 @@ OCStackResult SendSRMResponse(const OCEntityHandlerRequest *ehRequest,
     OCEntityHandlerResponse response = {};
     if (ehRequest)
     {
+        OCSecurityPayload ocPayload = {};
+
         response.requestHandle = ehRequest->requestHandle;
         response.resourceHandle = ehRequest->resource;
         response.ehResult = ehRet;
-        response.payload = (OCPayload*)OICCalloc(1, sizeof(OCSecurityPayload));
+        response.payload = (OCPayload*)(&ocPayload);
         response.payload->type = PAYLOAD_TYPE_SECURITY;
-        ((OCSecurityPayload*)response.payload)->securityData = OICStrdup(rspPayload);
+        ((OCSecurityPayload*)response.payload)->securityData = (char *)rspPayload;
         response.persistentBufferFlag = 0;
 
         return OCDoResponse(&response);
diff --git a/resource/csdk/stack/src/ocserverrequest.c b/resource/csdk/stack/src/ocserverrequest.c
index add91c7..02883a0 100644
--- a/resource/csdk/stack/src/ocserverrequest.c
+++ b/resource/csdk/stack/src/ocserverrequest.c
@@ -450,13 +450,9 @@ OCStackResult HandleSingleResponse(OCEntityHandlerResponse * ehResponse)
         responseInfo.info.type = CA_MSG_NONCONFIRM;
     }
 
+    char rspToken[CA_MAX_TOKEN_LEN + 1] = {};
     responseInfo.info.messageId = serverRequest->coapID;
-    responseInfo.info.token = (CAToken_t)OICMalloc(CA_MAX_TOKEN_LEN+1);
-    if (!responseInfo.info.token)
-    {
-        OC_LOG(FATAL, TAG, "Memory alloc for token failed");
-        return result;
-    }
+    responseInfo.info.token = (CAToken_t)rspToken;
 
     memcpy(responseInfo.info.token, serverRequest->requestToken, serverRequest->tokenLength);
     responseInfo.info.tokenLength = serverRequest->tokenLength;
@@ -479,7 +475,6 @@ OCStackResult HandleSingleResponse(OCEntityHandlerResponse * ehResponse)
         if(!responseInfo.info.options)
         {
             OC_LOG(FATAL, TAG, PCF("Memory alloc for options failed"));
-            OICFree(responseInfo.info.token);
             return OC_STACK_NO_MEMORY;
         }
 
@@ -604,7 +599,6 @@ OCStackResult HandleSingleResponse(OCEntityHandlerResponse * ehResponse)
     #endif
 
     OICFree(responseInfo.info.payload);
-    OICFree(responseInfo.info.token);
     OICFree(responseInfo.info.options);
     //Delete the request
     FindAndDeleteServerRequest(serverRequest);
-- 
2.7.4