Fix buffer overflow issue

author Wootak Jung <wootak.jung@samsung.com>

Tue, 30 May 2017 06:00:38 +0000 (15:00 +0900)

committer Wootak Jung <wootak.jung@samsung.com>

Tue, 30 May 2017 06:00:38 +0000 (15:00 +0900)
author Wootak Jung <wootak.jung@samsung.com>
Tue, 30 May 2017 06:00:38 +0000 (15:00 +0900)
committer Wootak Jung <wootak.jung@samsung.com>
Tue, 30 May 2017 06:00:38 +0000 (15:00 +0900)
diff --git a/module/src/callmgr-telephony.c b/module/src/callmgr-telephony.c

index c970b1761f29c3d7c001d24b3c78577936e268b0..02ffffc8abae33b006b6c7ccaa346a4bc481e804 100644 (file)
--- a/module/src/callmgr-telephony.c
+++ b/module/src/callmgr-telephony.c
@@ -1037,8 +1037,10 @@ static void __callmgr_telephony_handle_network_events(TapiHandle *handle, const
                         char mnc_value[4] = {0,};
                         info("plmn_value = [%s]", plmn);
  
-                       g_strlcpy(mcc_value, plmn, 4);
-                       g_strlcpy(mnc_value, plmn+3, 4);
+                       if (plmn != NULL && strlen(plmn) > 3) {
+                               g_strlcpy(mcc_value, plmn, 4);
+                               g_strlcpy(mnc_value, plmn + 3, 4);
+                       }
  
                         modem_info->net_mcc = (unsigned long)atoi(mcc_value);
                         modem_info->net_mnc = (unsigned long)atoi(mnc_value);
@@ -1676,14 +1678,14 @@ static int __callmgr_telephony_get_network_mcc_mnc(callmgr_telephony_t telephony
                 return -1;
         }
  
-       if (0 == ret && plmn != NULL) {
+       if (0 == ret && plmn != NULL && strlen(plmn) > 3) {
                 char mcc_value[4] = {0,};
                 char mnc_value[4] = {0,};
  
                 info("plmn_value = [%s]", plmn);
  
                 g_strlcpy(mcc_value, plmn, 4);
-               g_strlcpy(mnc_value, plmn+3, 4);
+               g_strlcpy(mnc_value, plmn + 3, 4);
  
                 *mcc = (unsigned long)atoi(mcc_value);
                 *mnc = (unsigned long)atoi(mnc_value);
diff --git a/packaging/call-manager.spec b/packaging/call-manager.spec

index a1a73c564f2f5a8ba9884c6df59fe120761e7063..6bcb221bae87bbc4184a444b4e7e971d50b70b71 100644 (file)
--- a/packaging/call-manager.spec
+++ b/packaging/call-manager.spec
@@ -1,6 +1,6 @@
  %define major 0
  %define minor 2
-%define patchlevel 14
+%define patchlevel 15
  %define ext_feature 0
  
  Name:           call-manager
author	Wootak Jung <wootak.jung@samsung.com>
	Tue, 30 May 2017 06:00:38 +0000 (15:00 +0900)
committer	Wootak Jung <wootak.jung@samsung.com>
	Tue, 30 May 2017 06:00:38 +0000 (15:00 +0900)
module/src/callmgr-telephony.c		patch \| blob \| history
packaging/call-manager.spec		patch \| blob \| history