Fix Out-of-bounds access issue 22/225122/2 accepted/tizen/unified/20200227.121042 submit/tizen/20200227.012332
authorJaehyun Kim <jeik01.kim@samsung.com>
Mon, 17 Feb 2020 11:52:22 +0000 (20:52 +0900)
committerJaehyun Kim <jeik01.kim@samsung.com>
Tue, 18 Feb 2020 03:56:30 +0000 (12:56 +0900)
Change-Id: I7f69a5c327226336c63f831c32d6d897ee690b05
Signed-off-by: Jaehyun Kim <jeik01.kim@samsung.com>
src/network-profile-intf.c

index 1e64314..8d7cbc3 100755 (executable)
@@ -3120,9 +3120,9 @@ static int __net_telephony_reset_profile(network_info_t *network_info, int type,
 
 static int __net_convert_string_to_ipv6_string(char *str, char **ip_address)
 {
-       int i = 1;
        int pos = 0;
        struct sockaddr_in6 sa;
+       char conv_str[INET6_ADDRSTRLEN] = {0,};
 
        *ip_address = (char *)malloc(INET6_ADDRSTRLEN);
        if (NULL == *ip_address) {
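Review bot: `str` is now only read, so the signature on the context line above could become `const char *str`, which documents that the caller's buffer is no longer rewritten in place. The removed loop inserted the colons into `str` itself; if any caller relied on that side effect (none is visible on this page), it needs a look. A short comment on the new buffer would also help, for example `/* 32 hex digits + 7 ':' + NUL = 40 bytes; the zero-init supplies the terminator */`. The function body continues past the end of this hunk.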
@@ -3131,17 +3131,17 @@ static int __net_convert_string_to_ipv6_string(char *str, char **ip_address)
        }
 
        /* Convert String without : to string with : */
-       for (i = 1; i < 8; i++) {
-               pos = 4 * i + i;
-               memmove(str + pos, str + pos - 1,
-                               strlen(str) - pos + 2 * i);
-               str[pos - 1] = ':';
+       for (int i = 0; i < 8; i++) {
+               pos = 4 * i;
+               if (pos > 0)
+                       conv_str[pos + i - 1] = ':';
+               memcpy(conv_str + pos + i, str + pos, 4);
        }
 
        /*
         * Convert "fe80:0000:0000:0000:0a00:27ff:fe7a:65ea to fe80::a00:27ff:fe7a:65ea
         */
-       inet_pton(AF_INET6, str, &(sa.sin6_addr));
+       inet_pton(AF_INET6, conv_str, &(sa.sin6_addr));
        inet_ntop(AF_INET6, &(sa.sin6_addr), *ip_address, INET6_ADDRSTRLEN);
 
        return NET_ERR_NONE;
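Review bot: The new loop copies 4 bytes from `str + pos` for each of eight groups, so it always reads 32 bytes from `str` without checking that the input is that long; a shorter string still causes a read past its end. A guard such as `if (str == NULL || strlen(str) < 32)` that returns the module's error code would close this, ideally placed before the `malloc` so nothing has to be freed. The result of `inet_pton` is also ignored: if the string does not parse, `sa.sin6_addr` stays uninitialised and `inet_ntop` formats stack contents into `*ip_address`. Checking `if (inet_pton(AF_INET6, conv_str, &(sa.sin6_addr)) != 1)` and freeing `*ip_address` on failure would address that. The function starts above this hunk, so the existing error path for the allocation is not visible here.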