Addressed Checkmarx issues

microstack/ILibMulticastSocket.c

@@ -309,7 +309,7 @@ struct ILibMulticastSocket_StateModule *ILibMulticastSocket_Create(void *Chain,
 	if (MulticastAddr != NULL)
 	{
 		// Setup the IPv4 multicast address
-		memcpy(&(module->MulticastAddr), MulticastAddr, sizeof(struct sockaddr_in));
+		memcpy_s(&(module->MulticastAddr), sizeof(struct sockaddr_in), MulticastAddr, sizeof(struct sockaddr_in));
 		if (module->MulticastAddr.sin_port == 0) module->MulticastAddr.sin_port = htons(LocalPort);
 
 		// Setup incoming IPv4 socket
@@ -337,7 +337,7 @@ struct ILibMulticastSocket_StateModule *ILibMulticastSocket_Create(void *Chain,
 			ILibChain_Link_SetMetadata(module->UDPServer6, "ILibMulticastSocketListener_v6");
 
 			// Setup the IPv6 multicast address
-			memcpy(&(module->MulticastAddr6), MulticastAddr6, sizeof(struct sockaddr_in6));
+			memcpy_s(&(module->MulticastAddr6), sizeof(struct sockaddr_in6), MulticastAddr6, sizeof(struct sockaddr_in6));
 			if (module->MulticastAddr6.sin6_port == 0) module->MulticastAddr6.sin6_port = htons(LocalPort);
 
 			// Set TTL, IPv6, Loop and Reuse flags assumed to already be set
@@ -385,7 +385,7 @@ void ILibMulticastSocket_WakeOnLan(void *module, char* mac)
 
 	// Create the magic packet
 	memset(ILibScratchPad, 0xFF, 6);
-	for (i = 1; i < 17; i++) memcpy(ILibScratchPad + (6 * i), mac, 6);
+	for (i = 1; i < 17; i++) memcpy_s(ILibScratchPad + (6 * i), sizeof(ILibScratchPad) - (6*i), mac, 6);
 
 	// Send it
 	for (i = 0; i < 2; i++)

microstack/ILibParsers.h

@@ -264,7 +264,7 @@ long ILibGetTimeStamp();
 // Polyfills
 #ifndef memcpy_s
 	int ILibMemory_Copy_s(void *destination, size_t destinationSize, void *source, size_t sourceLength);
-	#define memcpy_s(dest, destSize, source, sourceLen) ILibMemory_Copy_s(dest, destSize, source, sourceLen)
+	#define memcpy_s(dest, destSize, source, sourceLen) ILibMemory_Copy_s(dest, destSize, (void*)source, sourceLen)
 #endif
 
 #ifndef memmove_s

microstack/ILibWebRTC.c

@@ -1141,7 +1141,7 @@ void ILibStun_OnDestroy(void *object)
 
 	ILibLinkedList_Destroy(obj->StunUsers);
 	if (obj->turnUsername != NULL) { free(obj->turnUsername); obj->turnUsername = NULL; }
-	if (obj->turnPassword != NULL) { free(obj->turnPassword); obj->turnPassword = NULL; }
+	if (obj->turnPassword != NULL) { memset(obj->turnPassword, 0, obj->turnPasswordLength); free(obj->turnPassword); obj->turnPassword = NULL; }
 
 	ILibLifeTime_Remove(obj->Timer, ILibWebRTC_STUN_TO_PERIODIC_CHECK_TIMER(obj));
 	if (extraClean == 0) return;
@@ -3005,6 +3005,7 @@ void ILibORTC_SetRemoteParameters(void* stunModule, char *username, int username
 	ILibRemoteLogging_printf(ILibChainGetLogger(obj->ChainLink.ParentChain), ILibRemoteLogging_Modules_WebRTC_STUN_ICE, ILibRemoteLogging_Flags_VerbosityLevel_1, "ILibORTC_SetRemoteParameters -> ILibStun_SetIceOffer2");
 	ILibStun_SetIceOffer2(stunModule, offer, offerLen, localUserName, localUserNameLen, localPassword, localPasswordLen, &answer);
 	free(answer);
+	localPassword = NULL;
 }
 
 void ILibORTC_AddRemoteCandidate(void *stunModule, char* localUsername, struct sockaddr_in6 *candidate)
@@ -6277,7 +6278,7 @@ void ILibWebRTC_SetTurnServer(void* stunModule, struct sockaddr_in6* turnServer,
 	}
 	if (stun->turnPassword != NULL)
 	{
-		free(stun->turnPassword);
+		memset(stun->turnPassword, 0, stun->turnPasswordLength); free(stun->turnPassword);
 		stun->turnPassword = NULL;
 	}
 	if (passwordLength > 0 && password != NULL)

microstack/ILibWrapperWebRTC.c

@@ -309,6 +309,7 @@ char* ILibWrapper_SdpToBlock(char* sdp, int sdpLen, int *isActive, char **userna
 	ILibDestructParserResults(pr);
 	free(lines);
 	if(dtlshash!=NULL) {free(dtlshash);}
+	password = NULL;
 	return(retVal);
 }
 
@@ -417,6 +418,7 @@ int ILibWrapper_BlockToSDPEx(char* block, int blockLen, char** username, char**
 			x += sprintf_s(*sdp+x, sdpLen-x, sdpTemplateRelay, i, c, 2128609535-i, relayAddressString, relayAddressPort,  (unsigned char)candidates[0], (unsigned char)candidates[1], (unsigned char)candidates[2], (unsigned char)candidates[3]);
 		}
 	}
+	password = NULL;
 	return(x);
 }