[Security][Dangling Pointer] encodeBuff can be freed without declaration
■ Location :
■ Description :
In Line 693: When CAGenerateOwnerPSK() fails -> pskRet != CA_STATUS_OK
In Line 698: execution goes to the exit label.
In Line 731: OICFree(encodeBuff) is called.
In this case, an attempt is made to free encodeBuff, but it is not declared yet.
(encodeBuff is declared in Line 705)
It may cause a crash of the process.
■ Recommended Mitigation :
Move the declaration of "encodeBuff" to the beginning of the function.
(Don't forget to initialize it with NULL)
■ Note (Test Environment)
============= Request for Defect modifications =============
JIRA migration meta data
- JIRA Issue ID: IOT-1055
- Reporter: jspark
- Assignee: js126.lee
- Creator: jspark
- Created at: 2016-03-30T18:21:26.000-0700
- Found in Version: 1.1.0
- Fix in Version: 1.1.0-RC2
- Issue Severity: Major
- Reproducibility: Always (100%)
- Operating System: Ubuntu
- Hardware/ OEM Platform: None
- External URL: None
- Bugzilla ID: None
- Product: None
- Status: Closed
- Components: SDK
- Priority: Undecided
- Due Date: None
Issue Type: Bug
END of JIRA migration meta data
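
The recommended mitigation above, as an added example that is not the project's own code: the buffer is declared and NULL-initialized before the first `goto exit`, so the cleanup at the label is safe on every path. `provision`, `derive_psk` and `tracked_free` are hypothetical stand-ins for the surrounding function, CAGenerateOwnerPSK() and OICFree(); the key material is constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for the calls named in the report. */
typedef enum { ST_OK = 0, ST_ERROR = 1 } status_t;

static int g_free_calls;     /* how many times cleanup ran              */
static int g_last_was_null;  /* 1 if the last pointer cleaned was NULL  */

static void tracked_free(void *p)   /* plays the role of OICFree() */
{
    g_free_calls++;
    g_last_was_null = (p == NULL);
    free(p);                        /* free(NULL) is a defined no-op */
}

static status_t derive_psk(int fail, uint8_t *psk, size_t len)
{
    if (fail) return ST_ERROR;      /* simulated PSK generation failure */
    memset(psk, 0xA5, len);         /* constructed key material */
    return ST_OK;
}

/*
 * Flawed ordering described in the report:
 *     if (derive_psk(...) != ST_OK) goto exit;
 *     uint8_t *encodeBuff = NULL;    <- skipped by the goto above
 *   exit:
 *     tracked_free(encodeBuff);      <- pointer value never set
 */
status_t provision(int fail_psk)
{
    status_t ret = ST_ERROR;
    uint8_t *encodeBuff = NULL;     /* declared and NULL-initialized first */
    uint8_t psk[16];

    if (derive_psk(fail_psk, psk, sizeof psk) != ST_OK)
        goto exit;                  /* early exit: encodeBuff is still NULL */

    encodeBuff = malloc(sizeof psk);
    if (encodeBuff == NULL) goto exit;
    memcpy(encodeBuff, psk, sizeof psk);
    ret = ST_OK;

exit:
    tracked_free(encodeBuff);       /* well-defined on every path */
    return ret;
}
```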