Fixed security issues

[platform/core/base/bundle.git] / src / keyval.c

diff --git a/src/keyval.c b/src/keyval.c
index 279d469..6be41a2 100755 (executable)
--- a/src/keyval.c
+++ b/src/keyval.c
@@ -247,52 +247,54 @@ size_t keyval_decode(unsigned char *byte, keyval_t **kv, size_t byte_size)
        unsigned char *p = byte;
        size_t encoded_size;
 
-       byte_len = *((size_t *)p);
-
        if (byte_size < sz_byte_len)
                return 0;
 
+       memcpy(&byte_len, p, sz_byte_len);
+       if (byte_size < byte_len)
+               return 0;
+
        byte_size -= sz_byte_len;
        p += sz_byte_len;
-       type = *((int *)p);
 
        if (byte_size < sz_type)
                return 0;
 
+       memcpy(&type, p, sz_type);
+
        byte_size -= sz_type;
        p += sz_type;
-       keysize = *((size_t *)p);
 
        if (byte_size < sz_keysize)
                return 0;
 
+       memcpy(&keysize, p, sz_keysize);
+
        byte_size -= sz_keysize;
        p += sz_keysize;
-       key = (char *)p;
 
        if (byte_size < keysize)
                return 0;
 
+       key = (char *)p;
        if (!key || (strnlen(key, keysize) + 1) != keysize)
                return 0;
 
        byte_size -= keysize;
        p += keysize;
-       size = *((size_t *)p);
 
        if (byte_size < sz_size)
                return 0;
 
-       byte_size -= sz_size;
-       p += sz_size;
-       val = (void *)p;
+       memcpy(&size, p, sz_size);
 
        encoded_size = sz_byte_len + sz_type + sz_keysize + keysize +
                sz_size + size;
        if (encoded_size != byte_len)
                return 0;
 
-       p += size;
+       p += sz_size;
+       val = (void *)p;
 
        if (kv)
                *kv = keyval_new(*kv, key, type, val, size);
@@ -307,7 +309,7 @@ int keyval_get_type_from_encoded_byte(unsigned char *byte)
        int type;
 
        p += sz_byte_len;
-       type = *((int *)p);
+       memcpy(&type, p, sizeof(int));
 
        return type;
 }