projects / platform / core / telephony / libtcore.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ce991fe)
Fix heap buffer overflow 40/182840/2 accepted/tizen/unified/20180629.061625 submit/tizen/20180628.090836
authorsinikang <sinikang@samsung.com>
Thu, 28 Jun 2018 08:54:27 +0000 (17:54 +0900)
committersinikang <sinikang@samsung.com>
Thu, 28 Jun 2018 09:00:42 +0000 (18:00 +0900)
Change-Id: I452c7bbcf0a21e8048d4ba4eb32d0f0dbdb4cf5b

packaging/libtcore.spec patch | blob | history
src/util.c patch | blob | history

diff --git a/packaging/libtcore.spec b/packaging/libtcore.spec
index f9326af..ccde8f1 100644 (file)
--- a/packaging/libtcore.spec
+++ b/packaging/libtcore.spec
@@ -1,6 +1,6 @@
 %define major 0
 %define minor 3
-%define patchlevel 23
+%define patchlevel 24
 
 Name:           libtcore
 Version:        %{major}.%{minor}.%{patchlevel}
diff --git a/src/util.c b/src/util.c
index dc83798..0837989 100644 (file)
--- a/src/util.c
+++ b/src/util.c
@@ -346,7 +346,7 @@ static char *_convert_ucs_to_utf8(unsigned char *src, int src_len)
 
        memset(in_buf, 0x00, ileft + 2);
        memset(out_buf, 0x00, oleft + 1);
-       memcpy(in_buf, src, ileft);
+       memcpy(in_buf, src, src_len);
 
        in_buf[ileft] = '\0';
 
@@ -846,14 +846,15 @@ gboolean tcore_util_convert_string_to_utf8(unsigned char *dest, unsigned short *
                int tmp_str_len = 0;
                unsigned char *src_buf = NULL;
 
-               src_buf = (unsigned char *)malloc(src_len);
+               src_buf = (unsigned char *)malloc(src_len+1);
                if (src_buf == NULL) {
                        dbg("src_buf malloc failed.");
                        return FALSE;
                }
 
-               memset(src_buf, 0, src_len);
+               memset(src_buf, 0, src_len+1);
                memcpy(src_buf, src, src_len);
+               src_buf[src_len] = '\0';
 
                /*
                 * Get string length
@@ -2179,8 +2180,7 @@ gboolean tcore_util_convert_ipv4_secure_log(gchar *input, gchar *output, int out
                        int len = strlen(pch);
                        for (i = 0; i < len; i++)
                                g_strlcat(buf, "x", MAX_BUF_SIZE);
-               }
-               else
+               } else
                        g_strlcat(buf, pch, MAX_BUF_SIZE);
 
                pch = strtok_r(NULL, ".", &ptr);
@@ -2210,8 +2210,7 @@ gboolean tcore_util_convert_ipv6_secure_log(gchar *input, gchar *output, int out
                        int len = strlen(pch);
                        for (i = 0; i < len; i++)
                                g_strlcat(buf, "x", MAX_BUF_SIZE);
-               }
-               else
+               } else
                        g_strlcat(buf, pch, MAX_BUF_SIZE);
 
                pch = strtok_r(NULL, ":", &ptr);
Domain: Network & Connectivity / Telephony; Licenses: Apache-2.0;