From a34438c5ec5fec1f416ae422e6a535e1e7fef6da Mon Sep 17 00:00:00 2001
From: Jan-Willem Blokland <Jan-Willem.Blokland@Shell.com>
Date: Tue, 20 Jun 2023 07:09:32 +0200
Subject: [PATCH] ROS3: (feature+fix) Temporary security credentials - comments
 4

- Implemented additional error check to ensure that the variable
  token_src is properly allocated.
- Removed the unused static token variable in h5dump.c
- Improved the description in the release_docs/RELEASE.txt document
  about the newly implemented functionality of supporting temporary
  security credentials for ROS3 file driver.
---
 release_docs/RELEASE.txt  | 13 +++++++++----
 src/H5FDros3.c            |  4 +++-
 tools/src/h5dump/h5dump.c |  3 +--
 3 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt
index c875727a6bb..95e8280fd0b 100644
--- a/release_docs/RELEASE.txt
+++ b/release_docs/RELEASE.txt
@@ -148,6 +148,15 @@ New Features
 
     Library:
     --------
+    - Implemented support for temporary security credentials for the Read-Only
+      S3 (ROS3) file driver.
+      
+      When using temporary security credentials, one also needs to specify a
+      session/security token next to the access key id and secret access key.
+      This token can be specified by the new API function H5Pset_fapl_ros3_token().
+      The API function H5Pget_fapl_ros3_token() can be used to retrieve
+      the currently set token.
+
     - Added a Subfiling VFD configuration file prefix environment variable
 
       The Subfiling VFD now checks for values set in a new environment
@@ -168,10 +177,6 @@ New Features
       order to avoid malloc/memcpy.  Currently only used for type conversion
       with selection I/O.
 
-    - Added H5Pset_fapl_ros3_token() and H5Pget_fapl_ros3_token() API functions
-      to set or get the session/security token. This token is needed when
-      making use of AWS temporary security credentials.
-
 
     Parallel Library:
     -----------------
diff --git a/src/H5FDros3.c b/src/H5FDros3.c
index 273ad773a99..3399bdfd987 100644
--- a/src/H5FDros3.c
+++ b/src/H5FDros3.c
@@ -844,7 +844,9 @@ H5Pset_fapl_ros3_token(hid_t fapl_id, const char *token)
         HDmemcpy(token_src, token, HDstrlen(token) + 1);
     }
     else {
-        token_src = HDmalloc(sizeof(char) * (H5FD_ROS3_MAX_SECRET_TOK_LEN + 1));
+        token_src = (char *)HDmalloc(sizeof(char) * (H5FD_ROS3_MAX_SECRET_TOK_LEN + 1));
+        if (token_src == NULL)
+            HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, FAIL, "cannot make space for token_src variable.");
         HDmemcpy(token_src, token, HDstrlen(token) + 1);
         if (H5P_insert(plist, ROS3_TOKEN_PROP_NAME, sizeof(char *), &token_src, NULL, NULL, NULL, NULL,
                        H5FD__ros3_str_token_delete, H5FD__ros3_str_token_copy, H5FD__ros3_str_token_cmp,
diff --git a/tools/src/h5dump/h5dump.c b/tools/src/h5dump/h5dump.c
index b6c2f7f66da..7cf800139cd 100644
--- a/tools/src/h5dump/h5dump.c
+++ b/tools/src/h5dump/h5dump.c
@@ -42,8 +42,7 @@ static H5FD_ros3_fapl_ext_t ros3_fa_g = {
     },
     "", /* Session/security token */
 };
-static char token[H5FD_ROS3_MAX_SECRET_TOK_LEN]; /* Session/security token */
-#endif                                           /* H5_HAVE_ROS3_VFD */
+#endif /* H5_HAVE_ROS3_VFD */
 
 #ifdef H5_HAVE_LIBHDFS
 /* "Default" HDFS configuration */