From 62f5a2e679ddc2706caa1aead719697209318609 Mon Sep 17 00:00:00 2001
From: Aleksey Volkov <a.volkov@samsung.com>
Date: Thu, 5 Sep 2019 20:22:22 +0300
Subject: [PATCH] svace fixes

https://github.sec.samsung.net/RS7-IOTIVITY/IoTivity/commit/dfdaf037df98fbd0c8b659fccdfe0384bb466547
(cherry-picked from dfdaf037df98fbd0c8b659fccdfe0384bb466547)

Change-Id: Ic0361d29c7bc8f0aa4708ec103728e968b430a42
Signed-off-by: Aleksey Volkov <a.volkov@samsung.com>
Signed-off-by: Sudipto <sudipto.bal@samsung.com>
---
 .../src/adapter_util/ca_adapter_net_ssl.c           |  4 ++++
 .../src/multipleownershiptransfermanager.c          |  3 +++
 .../provisioning/src/ownershiptransfermanager.c     |  8 +++++++-
 resource/csdk/security/provisioning/src/pmutility.c |  1 +
 .../provisioning/src/provisioningdatabasemanager.c  |  9 ++++-----
 .../provisioning/src/secureresourceprovider.c       | 21 ++++++++++++++++++++-
 resource/csdk/security/src/amaclresource.c          |  1 +
 resource/csdk/security/src/credresource.c           |  1 +
 resource/csdk/security/src/crlresource.c            |  5 ++++-
 resource/csdk/security/src/oxmpincommon.c           |  2 ++
 resource/csdk/security/src/pconfresource.c          |  2 +-
 resource/csdk/security/src/psinterface.c            |  1 +
 12 files changed, 49 insertions(+), 9 deletions(-)

diff --git a/resource/csdk/connectivity/src/adapter_util/ca_adapter_net_ssl.c b/resource/csdk/connectivity/src/adapter_util/ca_adapter_net_ssl.c
index 966b2a4..ce4765a 100644
--- a/resource/csdk/connectivity/src/adapter_util/ca_adapter_net_ssl.c
+++ b/resource/csdk/connectivity/src/adapter_util/ca_adapter_net_ssl.c
@@ -928,6 +928,10 @@ static int ParseChain(mbedtls_x509_crt * crt, unsigned char * buf, size_t bufLen
             else
             {
                 unsigned char * lastCert = (unsigned char *)OICMalloc((len + 1) * sizeof(unsigned char));
+                if (lastCert == NULL)
+                {
+                    goto exit;
+                }
                 memcpy(lastCert, buf + pos, len);
                 lastCert[len] = 0x00;
                 ret = mbedtls_x509_crt_parse(crt, lastCert, len + 1);
diff --git a/resource/csdk/security/provisioning/src/multipleownershiptransfermanager.c b/resource/csdk/security/provisioning/src/multipleownershiptransfermanager.c
index 962e651..07b492e 100644
--- a/resource/csdk/security/provisioning/src/multipleownershiptransfermanager.c
+++ b/resource/csdk/security/provisioning/src/multipleownershiptransfermanager.c
@@ -904,6 +904,7 @@ static OCStackResult PostSubOwnerCredential(OTMContext_t* motCtx)
             newCredential.eownerID = OICCalloc(1, sizeof(OicUuid_t));
             if(NULL == newCredential.eownerID)
             {
+                OICFree(secPayload);
                 return OC_STACK_NO_MEMORY;
             }
         }
@@ -1089,6 +1090,7 @@ static OCStackResult StartMultipleOwnershipTransfer(OTMContext_t* motCtx,
     if(OC_STACK_OK != res)
     {
         OIC_LOG(ERROR, TAG, "Failed to convert UUID to str");
+        OICFree(strUuid);
         SetMOTResult(motCtx, res);
         return res;
     }
@@ -1104,6 +1106,7 @@ static OCStackResult StartMultipleOwnershipTransfer(OTMContext_t* motCtx,
             OIC_LOG(ERROR, TAG, "Internal error in PDMDeleteDevice");
             OICFree(strUuid);
             SetMOTResult(motCtx, res);
+            return res;
         }
     }
     else if(PDM_DEVICE_INIT == deviceState)
diff --git a/resource/csdk/security/provisioning/src/ownershiptransfermanager.c b/resource/csdk/security/provisioning/src/ownershiptransfermanager.c
index 986cadb..4a9021a 100644
--- a/resource/csdk/security/provisioning/src/ownershiptransfermanager.c
+++ b/resource/csdk/security/provisioning/src/ownershiptransfermanager.c
@@ -853,7 +853,12 @@ static OCStackResult SaveOwnerPSK(OCProvisionDev_t *selectedDeviceInfo)
 
         OICFree( cred->privateData.data );
         cred->privateData.data = (uint8_t *)OICCalloc(1, outSize + 1);
-        VERIFY_NON_NULL(TAG, cred->privateData.data, ERROR);
+        if (cred->privateData.data == NULL)
+            {
+                OICFree(b64Buf);
+                res = OC_STACK_ERROR;
+                goto exit;
+            }
 
         strncpy((char*)(cred->privateData.data), b64Buf, outSize);
         cred->privateData.data[outSize] = '\0';
@@ -1585,6 +1590,7 @@ static OCStackResult PostOwnerCredential(OTMContext_t* otmCtx)
     if(!ownerCredential)
     {
         OIC_LOG(ERROR, TAG, "Can not find OwnerPSK.");
+        OICFree(secPayload);
         return OC_STACK_NO_RESOURCE;
     }
 
diff --git a/resource/csdk/security/provisioning/src/pmutility.c b/resource/csdk/security/provisioning/src/pmutility.c
index 4c72d5f..444ec43 100644
--- a/resource/csdk/security/provisioning/src/pmutility.c
+++ b/resource/csdk/security/provisioning/src/pmutility.c
@@ -488,6 +488,7 @@ bool PMGenerateQuery(bool isSecure,
     {
         case CT_ADAPTER_TCP:
             prefix = (isSecure == true) ? COAPS_TCP_PREFIX : COAP_TCP_PREFIX;
+            /*FALLTHROUGH*/
         case CT_ADAPTER_IP:
             switch(connType & CT_MASK_FLAGS & ~CT_FLAG_SECURE)
             {
diff --git a/resource/csdk/security/provisioning/src/provisioningdatabasemanager.c b/resource/csdk/security/provisioning/src/provisioningdatabasemanager.c
index c774b76..93ce7de 100644
--- a/resource/csdk/security/provisioning/src/provisioningdatabasemanager.c
+++ b/resource/csdk/security/provisioning/src/provisioningdatabasemanager.c
@@ -323,7 +323,7 @@ OCStackResult OTMStart(const OicUuid_t *uuid, const OicUuid_t *owner)
     sqlite3_finalize(stmt);
 
     OIC_LOG_V(DEBUG, TAG, "OUT %s", __func__);
-    return OC_STACK_OK;
+    return ret;
 }
 
 OCStackResult OTMSetState(const OicUuid_t *uuid, int state)
@@ -393,12 +393,11 @@ OCStackResult OTMGetState(const OicUuid_t *uuid, int *state)
     res = sqlite3_bind_text(stmt, 1, uuidStr, strlen(uuidStr), SQLITE_TRANSIENT);
     PDM_VERIFY_SQLITE_OK(TAG, res, NULL, ERROR, OC_STACK_ERROR);
 
-    while (SQLITE_ROW == sqlite3_step(stmt))
+    if (SQLITE_ROW == sqlite3_step(stmt))
     {
         *state = sqlite3_column_int(stmt, 1);
         OIC_LOG_V(DEBUG, TAG, "%s state is %d", uuidStr, *state);
         ret = OC_STACK_OK;
-        break;
     }
 
     OICFree(uuidStr);
@@ -474,7 +473,7 @@ static OCStackResult getIdForUUID(const OicUuid_t *UUID , int *id)
     res = sqlite3_prepare_v2(g_db, sqlStat, (int)sizeof(sqlStat), &stmt, 0);
     PDM_VERIFY_SQLITE_OK(TAG, res, stmt, ERROR, OC_STACK_ERROR);
 
-    while (SQLITE_ROW == sqlite3_step(stmt))
+    if (SQLITE_ROW == sqlite3_step(stmt))
     {
         int tempId = sqlite3_column_int(stmt, PDM_FIRST_INDEX);
         OIC_LOG_V(DEBUG, TAG, "ID is %d", tempId);
@@ -841,7 +840,7 @@ static OCStackResult getUUIDforId(int id, OicUuid_t *uid, bool *result)
     res = sqlite3_bind_int(stmt, PDM_BIND_INDEX_FIRST, id);
     PDM_VERIFY_SQLITE_OK(TAG, res, stmt, ERROR, OC_STACK_ERROR);
 
-    while (SQLITE_ROW == sqlite3_step(stmt))
+    if (SQLITE_ROW == sqlite3_step(stmt))
     {
         const void *ptr = sqlite3_column_blob(stmt, PDM_FIRST_INDEX);
         memcpy(uid, ptr, sizeof(OicUuid_t));
diff --git a/resource/csdk/security/provisioning/src/secureresourceprovider.c b/resource/csdk/security/provisioning/src/secureresourceprovider.c
index 081cccd..b93fc0a 100644
--- a/resource/csdk/security/provisioning/src/secureresourceprovider.c
+++ b/resource/csdk/security/provisioning/src/secureresourceprovider.c
@@ -586,7 +586,12 @@ OCStackResult SRPSaveTrustCertChain(uint8_t *trustCertChain, size_t chainSize,
     }
 
     cred->credUsage= (char *)OICCalloc(1, strlen(TRUST_CA)+1 );
-    VERIFY_NON_NULL_RET(TAG, cred->credUsage, ERROR, OC_STACK_NO_MEMORY);
+    if (cred->credUsage == NULL)
+    {
+        OIC_LOG_V(ERROR, TAG, "%s cant alloc credUsage", __func__);
+        OICFree(cred);
+        return OC_STACK_NO_MEMORY;
+    }
     OICStrcpy(cred->credUsage, strlen(TRUST_CA) + 1, TRUST_CA);
 
     cred->credType = SIGNED_ASYMMETRIC_KEY;
@@ -657,6 +662,12 @@ OCStackResult SRPSaveOwnCertChain(OicSecKey_t * cert, OicSecKey_t * key, uint16_
 
     cred->credUsage= (char *)OICCalloc(1, strlen(PRIMARY_CERT)+1 );
     VERIFY_NON_NULL_RET(TAG, cred->credUsage, ERROR, OC_STACK_NO_MEMORY);
+    if (cred->credUsage == NULL)
+    {
+        OIC_LOG_V(ERROR, TAG, "%s cant alloc credUsage", __func__);
+        OICFree(cred);
+        return OC_STACK_NO_MEMORY;
+    }
     OICStrcpy(cred->credUsage, strlen(PRIMARY_CERT) + 1, PRIMARY_CERT) ;
 
     cred->credType = SIGNED_ASYMMETRIC_KEY;
@@ -671,6 +682,12 @@ OCStackResult SRPSaveOwnCertChain(OicSecKey_t * cert, OicSecKey_t * key, uint16_
     OicSecKey_t *privateData = &cred->privateData;
     privateData->data = (uint8_t *)OICCalloc(1, key->len);
     VERIFY_NON_NULL_RET(TAG, privateData->data, ERROR, OC_STACK_NO_MEMORY);
+    if (privateData->data == NULL)
+    {
+        OIC_LOG_V(ERROR, TAG, "%s cant alloc publicData->data", __func__);
+        OICFree(publicData->data);
+        return OC_STACK_NO_MEMORY;
+    }
     memcpy(privateData->data, key->data, key->len);
     privateData->len = key->len;
     privateData->encoding = key->encoding;
@@ -1179,6 +1196,7 @@ static OCStackResult SendDeleteCredentialRequest(void* ctx,
     if (OC_STACK_OK != result)
     {
         OIC_LOG_V(ERROR, TAG, "SendDeleteCredentialRequest : encoding error %d\n", result);
+        OICFree(subID);
         return OC_STACK_ERROR;
     }
 
@@ -1254,6 +1272,7 @@ static OCStackResult SendDeleteACLRequest(void* ctx,
                                                      destDev->endpoint.addr);
     if (OC_STACK_OK != result)
     {
+        OICFree(subID);
         OIC_LOG_V(ERROR, TAG, "SendDeleteCredentialRequest : encoding error %d\n", result);
         return OC_STACK_ERROR;
     }
diff --git a/resource/csdk/security/src/amaclresource.c b/resource/csdk/security/src/amaclresource.c
index ca0be5c..b99b967 100644
--- a/resource/csdk/security/src/amaclresource.c
+++ b/resource/csdk/security/src/amaclresource.c
@@ -255,6 +255,7 @@ OCStackResult CBORPayloadToAmacl(const uint8_t *cborPayload, size_t size,
 
     cbor_parser_init(cborPayload, size, 0, &parser, &amaclCbor);
     OicSecAmacl_t *headAmacl = (OicSecAmacl_t *)OICCalloc(1, sizeof(OicSecAmacl_t));
+    VERIFY_NON_NULL(TAG, headAmacl, ERROR);
 
     CborValue amaclMap = { .parser = NULL };
     cborFindResult = cbor_value_enter_container(&amaclCbor, &amaclMap);
diff --git a/resource/csdk/security/src/credresource.c b/resource/csdk/security/src/credresource.c
index 0bdaa5f..40aab22 100644
--- a/resource/csdk/security/src/credresource.c
+++ b/resource/csdk/security/src/credresource.c
@@ -2619,6 +2619,7 @@ int32_t GetDtlsPskCredentials(CADtlsPskCredType_t type,
                                     if(B64_OK != b64Decode((char*)wildCardCred->privateData.data, wildCardCred->privateData.len, pinBuffer, pinBufSize, &pinLength))
                                     {
                                         OIC_LOG (ERROR, TAG, "Failed to base64 decoding.");
+                                        OICFree(pinBuffer);
                                         return ret;
                                     }
                                 }
diff --git a/resource/csdk/security/src/crlresource.c b/resource/csdk/security/src/crlresource.c
index 5a0397a..222bb0b 100644
--- a/resource/csdk/security/src/crlresource.c
+++ b/resource/csdk/security/src/crlresource.c
@@ -761,7 +761,10 @@ uint8_t *GetCrl()
     if (OC_STACK_OK == GetSecureVirtualDatabaseFromPS(OIC_CBOR_CRL_NAME, &data, &size) && data &&
         OC_STACK_OK == CBORPayloadToCrl(data, size, &crl))
     {
-        return crl->CrlData.data;
+        uint8_t *res = OICMalloc(crl->CrlData.len);
+        memcpy(res, crl->CrlData.data, crl->CrlData.len);
+        DeleteCrl(crl);
+        return res;
     }
     return NULL;
 }
diff --git a/resource/csdk/security/src/oxmpincommon.c b/resource/csdk/security/src/oxmpincommon.c
index 4908451..9725b74 100644
--- a/resource/csdk/security/src/oxmpincommon.c
+++ b/resource/csdk/security/src/oxmpincommon.c
@@ -536,6 +536,7 @@ int32_t GetDtlsPskForPreconfPinOxm( CADtlsPskCredType_t type,
                             if(B64_OK != b64Decode((char*)cred->privateData.data, cred->privateData.len, pinBuffer, pinBufSize, &pinLength))
                             {
                                 OIC_LOG (ERROR, TAG, "Failed to base64 decoding.");
+                                OICFree(pinBuffer);
                                 return ret;
                             }
                         }
@@ -636,6 +637,7 @@ int32_t GetDtlsPskForMotPreconfPinOxm( CADtlsPskCredType_t type,
                             if(B64_OK != b64Decode((char*)cred->privateData.data, cred->privateData.len, pinBuffer, pinBufSize, &pinLength))
                             {
                                 OIC_LOG (ERROR, TAG, "Failed to base64 decoding.");
+                                OICFree(pinBuffer);
                                 return ret;
                             }
                         }
diff --git a/resource/csdk/security/src/pconfresource.c b/resource/csdk/security/src/pconfresource.c
index 3404a16..36b5295 100644
--- a/resource/csdk/security/src/pconfresource.c
+++ b/resource/csdk/security/src/pconfresource.c
@@ -525,7 +525,7 @@ OCStackResult CBORPayloadToPconf(const uint8_t *cborPayload, size_t size, OicSec
                 uint8_t *pin = NULL;
                 cborFindResult = cbor_value_dup_byte_string(&pconfMap, &pin, &len, NULL);
                 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to get value");
-                memcpy(pconf->pin.val, pin, len);
+                memcpy(pconf->pin.val, pin, len > 8 ? 8 : len);
                 OICFree(pin);
             }
 
diff --git a/resource/csdk/security/src/psinterface.c b/resource/csdk/security/src/psinterface.c
index c24f05a..baba287 100644
--- a/resource/csdk/security/src/psinterface.c
+++ b/resource/csdk/security/src/psinterface.c
@@ -213,6 +213,7 @@ static OCStackResult getPlaintextFromDB(const OCPersistentStorage *ps, uint8_t *
     fp = ps->open(SVR_DB_DAT_FILE_NAME, "rb");
     if (NULL == fp)
     {
+        OICFree(plaintext);
         OIC_LOG(ERROR, TAG, "ps->open() Failed");
         return OC_STACK_ERROR;
     }
-- 
2.7.4