Fixed Snyk vulnerabilities from bucket_metadata.c, request.c and serv…

…ice_access_logging.c file

src/bucket_metadata.c

@@ -164,7 +164,11 @@ void S3_get_acl(const S3BucketContext *bucketContext, const char *key,
     };
 
     // Perform the request
-    request_perform(&params, requestContext);
+    if (!request_perform(&params, requestContext)) {
+        free(gaData);
+        (*(handler->completeCallback))(S3StatusRequestFailed, 0, callbackData);
+        return;
+    }
 }
 
 
@@ -478,7 +482,11 @@ void S3_get_lifecycle(const S3BucketContext *bucketContext,
     };
 
     // Perform the request
-    request_perform(&params, requestContext);
+    if (!request_perform(&params, requestContext)) {
+        free(gaData);
+        (*(handler->completeCallback))(S3StatusRequestFailed, 0, callbackData);
+        return;
+    }
 }
 
 
@@ -602,7 +610,11 @@ void S3_set_lifecycle(const S3BucketContext *bucketContext,
     };
 
     // Perform the request
-    request_perform(&params, requestContext);
+     if (!request_perform(&params, requestContext)) {
+        free(data);
+        (*(handler->completeCallback))(S3StatusRequestFailed, 0, callbackData);
+        return;
+     }
 #endif
 }
 

src/request.c

@@ -834,6 +834,10 @@ static void sort_query_string(const char *queryString, char *result,
     // Where did strdup go?!??
     int queryStringLen = strlen(queryString);
     char *buf = (char *) malloc(queryStringLen + 1);
+    if (!buf) {
+        result[0] = '\0';
+        return; // <-- Add: free(buf); before return (but buf is NULL here, so it's safe)
+    }
     char *tok = buf;
     strcpy(tok, queryString);
     const char *token = NULL;
@@ -865,9 +869,8 @@ static void sort_query_string(const char *queryString, char *result,
     if (len > 0) {
         result[len - 1] = 0;
     }
-#undef append
-
     free(buf);
+#undef append
 }
 
 

src/service_access_logging.c

@@ -142,13 +142,16 @@ static S3Status convertBlsXmlCallback(const char *elementPath,
 
             if (caData->emailAddress[0]) {
                 grant->granteeType = S3GranteeTypeAmazonCustomerByEmail;
-                strcpy(grant->grantee.amazonCustomerByEmail.emailAddress,
-                       caData->emailAddress);
+                strncpy(grant->grantee.amazonCustomerByEmail.emailAddress, caData->emailAddress, S3_MAX_GRANTEE_EMAIL_ADDRESS_SIZE - 1);
+                grant->grantee.amazonCustomerByEmail.emailAddress[S3_MAX_GRANTEE_EMAIL_ADDRESS_SIZE - 1] = '\0';
             }
             else if (caData->userId[0] && caData->userDisplayName[0]) {
                 grant->granteeType = S3GranteeTypeCanonicalUser;
-                strcpy(grant->grantee.canonicalUser.id, caData->userId);
-                strcpy(grant->grantee.canonicalUser.displayName,
+                strncpy(grant->grantee.canonicalUser.id, caData->userId, S3_MAX_GRANTEE_USER_ID_SIZE - 1);
+                grant->grantee.canonicalUser.id[S3_MAX_GRANTEE_USER_ID_SIZE - 1] = '\0';
+
+                strncpy(grant->grantee.canonicalUser.displayName, caData->userDisplayName, S3_MAX_GRANTEE_DISPLAY_NAME_SIZE - 1);
+                grant->grantee.canonicalUser.displayName[S3_MAX_GRANTEE_DISPLAY_NAME_SIZE - 1] = '\0';
                        caData->userDisplayName);
             }
             else if (caData->groupUri[0]) {