Protect from passing zero-length privileges to API

author Piotr Sawicki <p.sawicki2@partner.samsung.com>

Mon, 24 Jul 2017 11:59:31 +0000 (13:59 +0200)

committer Piotr Sawicki <p.sawicki2@partner.samsung.com>

Wed, 26 Jul 2017 12:28:59 +0000 (14:28 +0200)
author Piotr Sawicki <p.sawicki2@partner.samsung.com>
Mon, 24 Jul 2017 11:59:31 +0000 (13:59 +0200)
committer Piotr Sawicki <p.sawicki2@partner.samsung.com>
Wed, 26 Jul 2017 12:28:59 +0000 (14:28 +0200)
diff --git a/src/client/api/askuser-notification-client.cpp b/src/client/api/askuser-notification-client.cpp

index 9de7c6d..7faa1f2 100644 (file)
--- a/src/client/api/askuser-notification-client.cpp
+++ b/src/client/api/askuser-notification-client.cpp
@@ -20,6 +20,7 @@
   * @brief       This file contains the implementation of the askuser-notification client API.
   */
  
+#include <cstring>
  #include <memory>
  
  #include <log/alog.h>
@@ -100,6 +101,10 @@ int askuser_client_check_privilege(askuser_client *p_client,
          return ASKUSER_API_INVALID_PARAM;
      }
  
+    if (std::strlen(privilege) == 0) {
+        return ASKUSER_API_INVALID_PARAM;
+    }
+
      return AskUser::Client::tryCatch([&]() {
          *p_result = p_client->impl->checkPrivilege(privilege);
          return ASKUSER_API_SUCCESS;
@@ -115,6 +120,10 @@ int askuser_client_popup_request(askuser_client *p_client, const char *privilege
          return ASKUSER_API_INVALID_PARAM;
      }
  
+    if (std::strlen(privilege) == 0) {
+        return ASKUSER_API_INVALID_PARAM;
+    }
+
      return AskUser::Client::tryCatch([&]() {
          if (p_client->impl->popupRequestInProgress(privilege)) {
              return ASKUSER_API_ALREADY_IN_PROGRESS;
author	Piotr Sawicki <p.sawicki2@partner.samsung.com>
	Mon, 24 Jul 2017 11:59:31 +0000 (13:59 +0200)
committer	Piotr Sawicki <p.sawicki2@partner.samsung.com>
	Wed, 26 Jul 2017 12:28:59 +0000 (14:28 +0200)