Fix issues reported by SonarCloud

Author: Danielius1922

docker/apps/Dockerfile.cloud-server

@@ -7,7 +7,8 @@ WORKDIR /iotivity-lite
 RUN git submodule update --recursive
 RUN mkdir /iotivity-lite/build
 WORKDIR /iotivity-lite/build
-RUN	cmake -DCMAKE_BUILD_TYPE=${BUILD_TYPE} -DCMAKE_VERBOSE_MAKEFILE=ON -DBUILD_TESTING=OFF -DOC_CLOUD_ENABLED=ON ${BUILD_ARGS} .. && \
+RUN	cmake -DCMAKE_BUILD_TYPE=${BUILD_TYPE} -DCMAKE_VERBOSE_MAKEFILE=ON -DBUILD_TESTING=OFF \
+	-DOC_CLOUD_ENABLED=ON ${BUILD_ARGS} .. && \
 	cmake --build . --target cloud_server
 
 # install libfaketime

docker/apps/Dockerfile.cloud-server-debug

@@ -3,7 +3,7 @@ ARG BUILD_TYPE=Release
 ARG BUILD_ARGS
 RUN apt-get update -y && \
 	DEBIAN_FRONTEND="noninteractive" apt-get install --no-install-recommends -y bash \
-	ca-certificates cmake curl gcovr gdb git-core g++ make patch python3 && \
+	ca-certificates cmake curl g++ gcovr gdb git-core make patch python3 && \
 	apt-get clean
 COPY ./  /iotivity-lite/
 WORKDIR /iotivity-lite

port/android/ipadapter.c

@@ -732,8 +732,8 @@ recv_msg(int sock, uint8_t *recv_buf, int recv_buf_size,
     return -1;
   }
 
-  struct cmsghdr *cmsg;
-  for (cmsg = CMSG_FIRSTHDR(&msg); cmsg != 0; cmsg = CMSG_NXTHDR(&msg, cmsg)) {
+  for (struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg); cmsg != 0;
+       cmsg = CMSG_NXTHDR(&msg, cmsg)) {
     if (cmsg->cmsg_level == IPPROTO_IPV6 && cmsg->cmsg_type == IPV6_PKTINFO) {
       if (msg.msg_namelen != sizeof(struct sockaddr_in6)) {
         OC_ERR("anciliary data contains invalid source address");

port/esp32/adapter/src/ipadapter.c

@@ -553,8 +553,8 @@ recv_msg(int sock, uint8_t *recv_buf, int recv_buf_size,
     return -1;
   }
 
-  struct cmsghdr *cmsg;
-  for (cmsg = CMSG_FIRSTHDR(&msg); cmsg != 0; cmsg = CMSG_NXTHDR(&msg, cmsg)) {
+  for (struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg); cmsg != 0;
+       cmsg = CMSG_NXTHDR(&msg, cmsg)) {
     if (cmsg->cmsg_level == IPPROTO_IPV6 && cmsg->cmsg_type == IPV6_PKTINFO) {
       if (msg.msg_namelen != sizeof(struct sockaddr_in6)) {
         OC_ERR("anciliary data contains invalid source address");

port/linux/ip.c

@@ -169,8 +169,8 @@ oc_ip_recv_msg(int sock, uint8_t *recv_buf, long recv_buf_size,
     return -1;
   }
 
-  struct cmsghdr *cmsg;
-  for (cmsg = CMSG_FIRSTHDR(&msg); cmsg != 0; cmsg = CMSG_NXTHDR(&msg, cmsg)) {
+  for (struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg); cmsg != 0;
+       cmsg = CMSG_NXTHDR(&msg, cmsg)) {
     if (cmsg->cmsg_level == IPPROTO_IPV6 && cmsg->cmsg_type == IPV6_PKTINFO) {
       if (msg.msg_namelen != sizeof(struct sockaddr_in6)) {
         OC_ERR("anciliary data contains invalid source address");

security/oc_tls.c

@@ -744,29 +744,30 @@ check_retry_timers(void)
 {
   oc_tls_peer_t *peer = (oc_tls_peer_t *)oc_list_head(g_tls_peers);
   while (peer != NULL) {
+    if (peer->ssl_ctx.state == MBEDTLS_SSL_HANDSHAKE_OVER ||
+        !oc_etimer_expired(&peer->timer.fin_timer)) {
+      peer = peer->next;
+      continue;
+    }
     oc_tls_peer_t *next = peer->next;
-    if (peer->ssl_ctx.state != MBEDTLS_SSL_HANDSHAKE_OVER) {
-      if (oc_etimer_expired(&peer->timer.fin_timer)) {
-        int ret = mbedtls_ssl_handshake(&peer->ssl_ctx);
-        if (ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED) {
-          mbedtls_ssl_session_reset(&peer->ssl_ctx);
-          if (peer->role == MBEDTLS_SSL_IS_SERVER &&
-              mbedtls_ssl_set_client_transport_id(
-                &peer->ssl_ctx, (const unsigned char *)&peer->endpoint.addr,
-                sizeof(peer->endpoint.addr)) != 0) {
-            TLS_LOG_MBEDTLS_ERROR("mbedtls_ssl_set_client_transport_id", ret);
-            oc_tls_free_peer(peer, false, false, true);
-            peer = next;
-            continue;
-          }
-        }
-        if (ret < 0 && ret != MBEDTLS_ERR_SSL_WANT_READ &&
-            ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
-          TLS_LOG_MBEDTLS_ERROR("mbedtls_ssl_handshake", ret);
-          oc_tls_free_peer(peer, false, false, true);
-        }
+    int ret = mbedtls_ssl_handshake(&peer->ssl_ctx);
+    if (ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED) {
+      mbedtls_ssl_session_reset(&peer->ssl_ctx);
+      if (peer->role == MBEDTLS_SSL_IS_SERVER &&
+          mbedtls_ssl_set_client_transport_id(
+            &peer->ssl_ctx, (const unsigned char *)&peer->endpoint.addr,
+            sizeof(peer->endpoint.addr)) != 0) {
+        TLS_LOG_MBEDTLS_ERROR("mbedtls_ssl_set_client_transport_id", ret);
+        oc_tls_free_peer(peer, false, false, true);
+        peer = next;
+        continue;
       }
     }
+    if (ret < 0 && ret != MBEDTLS_ERR_SSL_WANT_READ &&
+        ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
+      TLS_LOG_MBEDTLS_ERROR("mbedtls_ssl_handshake", ret);
+      oc_tls_free_peer(peer, false, false, true);
+    }
     peer = next;
   }
 }
@@ -937,15 +938,13 @@ oc_tls_add_new_certs(oc_sec_credusage_t credusage,
     oc_sec_creds_t *creds = oc_sec_get_creds(device);
     oc_sec_cred_t *cred = (oc_sec_cred_t *)oc_list_head(creds->creds);
     for (; cred != NULL; cred = cred->next) {
-      /* Pick all "leaf" certificates with matching credusage */
-      if ((cred->credusage & credusage) != 0 && !cred->child) {
-
-        if (is_known_cert(cred)) {
-          continue;
-        }
-
-        add_new_cert(cred, device);
+      /* Pick all "leaf" certificates with matching credusage that haven't been
+       * added yet */
+      if ((cred->credusage & credusage) == 0 || cred->child ||
+          is_known_cert(cred)) {
+        continue;
       }
+      add_new_cert(cred, device);
     }
   }
 }