Coverity issues #467

Open
76 tasks done
Danielius1922 opened this issue Jun 13, 2023 · 0 comments · Fixed by #478, #474, #473, #472 or #465
Labels: bug (Something isn't working)

Danielius1922 commented Jun 13, 2023

Coverity issues reported by https://scan.coverity.com/projects/iotivity-iotivity-lite?tab=overview (or by other developers running custom Coverity scans):

Internal nightly scan

Impact: High

Version: b2b66ef

  • Out-of-bounds write (321043, storage.c:120)

Version: 9415446

  • Resource leak (319261, security/oc_roles.c:152)
  • Resource leak (319258, security/oc_obt.c:2097)
  • Resource leak (319254, api/cloud/oc_cloud_deregister.c:307)
  • Resource leak (319252, messaging/coap/separate.c:160)
  • Resource leak (319251, security/oc_oscore_context.c:147)
  • Resource leak (319246, security/oc_obt.c:1335)
  • Resource leak (319244, messaging/coap/oscore.c:64)
  • Out-of-bounds access (319243, observe.c:508)
  • Destination buffer too small (319240, apps/cloud_proxy.c:1360)
  • Out-of-bounds access (319239, security/oc_obt.c:1113)
  • Resource leak (319234, apps/cloud_proxy.c:1366)
  • Out-of-bounds access (319233, messaging/coap/oscore.c:305)
  • Resource leak (319232, security/oc_obt.c:1609)
  • Resource leak (319231, security/oc_obt.c:1171)
  • Out-of-bounds access (319229, security/oc_obt.c:1296)
  • Uninitialized scalar variable (319228, security/oc_obt.c:488)
  • Out-of-bounds access (319227, security/oc_obt.c:1057)
  • Out-of-bounds access (319225, messaging/coap/oscore.c:288)
  • Resource leak (319222, security/oc_obt.c:2630)
  • Copy of overlapping memory (319221, security/oc_tls.c:2786)
  • Out-of-bounds access (319217, security/oc_cred.c:996)
  • Resource leak (319216, security/oc_obt.c:903)
  • Resource leak (319214, python/oc_python.c:1442)
  • Uninitialized scalar variable (319210, security/oc_oscore_engine.c:256)
  • Resource leak (319207, security/oc_obt.c:2043)
  • String not null terminated (319205, apps/cloud_server.c:902)
  • Resource leak (319204, messaging/coap/engine.c:133)
  • Resource leak (319203, security/oc_obt.c:2258)

Impact: Medium

  • Logically dead code (319262, port/linux/ipadapter.c:897)
  • Truncated stdio return value (319256, apps/server_rules.c)
  • Unchecked return value from library (319255, apps/simpleserver-resourcedefaults.c:1191)
  • Argument cannot be negative (319253, apps/server_certification_tests.c:576)
  • Logically dead code (319248, security/oc_tls.c:2341)
  • Unchecked return value (319247, apps/simpleserver_pki.c:436)
  • Unchecked return value (319242, api/cloud/oc_cloud_resource.c:127)
  • Unchecked return value (319236, api/cloud/oc_cloud_resource.c:176)
  • Untrusted loop bound (319224, onboarding_tool/obtmain.c:1626)
  • Dereference after null check (319218, apps/cloud_proxy.c:1598)
  • Untrusted loop bound (319215, port/linux/ipadapter.c:896)
  • Untrusted loop bound (319213, port/linux/tcpsession.c:441)
  • Constant expression result (319212, security/oc_tls.c:2339)
  • Dereference before null check (319211, api/oc_collection.c:914)
  • Unchecked return value from library (319209, apps/smart_home_server_linux.c:72)
  • Unchecked return value (319206, apps/simpleserver_pki.c:438)

Impact: Low

  • Copy into fixed size buffer (319263, apps/cloud_proxy.c:1138)
  • 'Constant' variable guards dead code (319260, apps/simpleserver-resourcedefaults.c:475)
  • 'Constant' variable guards dead code (319257, apps/cloud_proxy.c:564)
  • Copy into fixed size buffer (319250, security/oc_obt.c:2270)
  • Copy into fixed size buffer (319241, apps/server_rules.c:704)
  • 'Constant' variable guards dead code (319237, apps/server_certification_tests.c:1298)
  • Copy into fixed size buffer (319235, apps/cloud_proxy.c:1238)
  • Calling risky function (319230, apps/client_certification_tests.c:835)
  • Copy into fixed size buffer (319226, apps/cloud_proxy.c:1061)
  • Copy into fixed size buffer (319223, python/oc_python.c:1926)
  • Copy into fixed size buffer (319220, apps/push_configurator_multithread_linux.c:342)
  • Copy into fixed size buffer (319219, apps/server_rules.c:667)

Reported by other teams

Impact: High

  • Out-of-bounds access (55558, coap_remove_observer_by_resource, messaging/coap/observe.c:404)
    Trace
  • Out-of-bounds access (55593, security/oc_tls.c:2750)
    Trace
  • Uninitialized scalar variable (55709, security/oc_tls.c:488)
    Trace
    Duplicate of 319228
  • Use of 32-bit time_t (55774, port/linux/clock.c:58)
    Trace
  • Out-of-bounds access (55868, coap_remove_observer_by_resource, messaging/coap/observe.c:404)
    Trace

Impact: Medium

  • Logically dead code (55766, security/oc_tls.c:2305)
    Trace
  • Logically dead code (55687, port/linux/ipadapter.c:1088)
    Trace
  • Unintentional integer overflow (55943, port/linux/tcpsession.c:1241)
    Trace
  • Unintentional integer overflow (55938, port/linux/tcpsession.c:1241)
    Trace
  • Unintended sign extension (55942, port/linux/tcpsession.c:1249)
    Trace
  • Unintended sign extension (55937, port/linux/tcpsession.c:1171)
    Trace
  • Unintended sign extension (55910, api/oc_server_api.c:844)
    Trace
  • Overflowed return value (55864, security/oc_certs.c:103)
    Trace
  • Overflowed return value (55610, security/oc_certs.c:136)
    Trace
          133 bool
          134 oc_sec_certs_ecp_group_id_is_allowed(mbedtls_ecp_group_id gid)
          135 {
              1. Condition gid != MBEDTLS_ECP_DP_NONE, taking false branch.
              2. overflow: Subtract operation overflows on operands gid and 1U.
              CID 55610 (#5 of 5): Overflowed return value (INTEGER_OVERFLOW)
              3. overflow_sink: Overflowed or truncated value (or a value computed from an overflowed or truncated value) gid != MBEDTLS_ECP_DP_NONE && ((1 << gid - 1U) & g_allowed_ecp_grpids_mask) != 0U used as return value.
          136   return gid != MBEDTLS_ECP_DP_NONE &&
          137          (MBEDTLS_X509_ID_FLAG(gid) & g_allowed_ecp_grpids_mask) != 0;
          138 }
      
  • Unchecked return value (55650, api/cloud/oc_cloud_resource.c:174)
    Trace
  • Unchecked return value (55781, security/oc_obt.c:626)
    Trace
  • Dereference before null check (55782, api/oc_collection.c:914)
    Trace
  • Explicit null dereferenced
    Trace
          260 int
          261 oc_sec_sdi_encode(size_t device, oc_interface_mask_t iface_mask)
          262 {
          263   const oc_sec_sdi_t *sdi = oc_sec_sdi_get(device);
              1. assign_zero: Assigning: sdi_res = NULL.
          264   const oc_resource_t *sdi_res = NULL;
              2. Condition (iface_mask & OC_IF_BASELINE) != 0, taking false branch.
          265   if ((iface_mask & OC_IF_BASELINE) != 0) {
          266     sdi_res = oc_core_get_resource_by_index(OCF_SEC_SDI, device);
          267   }
              CID 57077 (#1 of 1): Explicit null dereferenced (FORWARD_NULL)
              3. var_deref_model: Passing null pointer sdi_res to oc_sec_sdi_encode_with_resource, which dereferences it.
          268   return oc_sec_sdi_encode_with_resource(sdi, sdi_res, iface_mask);
          269 }
      
  • Bad comparison of floating-point expressions
    Trace
          279   // tag-pos-rel
          280   const double *pos = resource->tag_pos_rel;
              CID 57076 (#1-3 of 3): Bad comparison of floating-point expressions (FLOATING_POINT_EQUALITY)
              1. floating_point_equality: Floating point expression pos[0] is compared using operator !=.
          281   if (pos[0] != 0 || pos[1] != 0 || pos[2] != 0) {
          282     oc_rep_set_key(oc_rep_object(link), "tag-pos-rel");
          283     oc_rep_start_array(oc_rep_object(link), tag_pos_rel);
          284     oc_rep_add_double(tag_pos_rel, pos[0]);
          285     oc_rep_add_double(tag_pos_rel, pos[1]);
          286     oc_rep_add_double(tag_pos_rel, pos[2]);
          287     oc_rep_end_array(oc_rep_object(link), tag_pos_rel);
          288   }
      