Fix vulnerability for strncmp 67/255467/1
authorInkyun Kil <inkyun.kil@samsung.com>
Fri, 19 Mar 2021 01:12:38 +0000 (10:12 +0900)
committerInkyun Kil <inkyun.kil@samsung.com>
Fri, 19 Mar 2021 01:12:38 +0000 (10:12 +0900)
Use strcmp where the whole of two strings is to be compared,
rather than only a part of them (a prefix).

Change-Id: Ibb539659243fbc8b97b70f49a8362dd4ca45f61e
Signed-off-by: Inkyun Kil <inkyun.kil@samsung.com>
lib/alarm-lib-dbus.c
server/alarm-manager-util.c
server/alarm-manager.c

index a220524..7ace21d 100644 (file)
@@ -197,7 +197,7 @@ bool _send_alarm_create(alarm_context_t context, base_info_t *base_info,
        /*TODO: Dbus bus name validation is must & will be added to avoid alarm-server crash*/
        if (context.app_service_name == NULL
                        && strlen(dst_service_name) == 4
-                       && strncmp(dst_service_name, "null", 4) == 0) {
+                       && strcmp(dst_service_name, "null") == 0) {
                LOGE("Invalid arg. Provide valid destination or call alarmmgr_init()\n");
                if (error_code)
                        *error_code = ERR_ALARM_INVALID_PARAM;
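Review bot: The `strlen(dst_service_name) == 4` test just above the changed line is now redundant, because `strcmp(dst_service_name, "null") == 0` already implies a length of 4; it can be dropped. Neither call is guarded against a NULL `dst_service_name` in the visible lines, so if the code above the hunk can leave it NULL, a check belongs before both. The TODO about D-Bus bus name validation is still open, and the body of `_send_alarm_create` continues outside the hunk.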
index e3daf64..8533a9c 100644 (file)
@@ -42,8 +42,8 @@ static int __bg_category_func(const char *name, void *user_data)
 {
        bg_category_cb_info_t *info = (bg_category_cb_info_t *)user_data;
        LOGD("appid[%s], bg name = %s", info->appid, name);
-       if (name && strncmp("enable", name, strlen(name)) &&
-                       strncmp("disable", name, strlen(name))) {
+       if (name && strcmp("enable", name) &&
+                       strcmp("disable", name)) {
                info->has_bg = true;
                return -1;
        }
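Review bot: An empty `name` now takes this branch. The old `strncmp(..., strlen(name))` compared zero bytes and returned 0 for `""`, whereas `strcmp("enable", "")` is non-zero, so `info->has_bg` is set and the callback returns -1. If an empty category must not count as a background category, add `name[0] != '\0'` to the condition. Separately, `name` is passed to `LOGD` with `%s` on the line before its NULL check; log `name ? name : "(null)"` or move the check first.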
@@ -229,7 +229,7 @@ int _is_ui_app(const char *appid, uid_t uid)
                return 0;
 
        ret = pkgmgrinfo_appinfo_get_component_type(appinfo_h, &component);
-       if (ret == 0 && component != NULL && strncmp(component, "uiapp", 5) == 0)
+       if (ret == 0 && component != NULL && strcmp(component, "uiapp") == 0)
                found = 1;
 
        if (appinfo_h)
index 4bb3a3e..38e4943 100644 (file)
@@ -1279,7 +1279,7 @@ static int __find_login_user(uid_t *uid)
                        free(uids);
                        return -1;
                } else {
-                       if (!strncmp(state, "online", 6)) {
+                       if (!strcmp(state, "online")) {
                                *uid = uids[i];
                                free(uids);
                                free(state);
@@ -1724,13 +1724,13 @@ static int __on_app_enable_cb(uid_t target_uid, int req_id,
        __alarm_info_t *entry = NULL;
        bool is_restored = false;
 
-       if (key && strncmp(key, "end", 3) == 0 && val && strncmp(val, "ok", 2) == 0) {
+       if (key && strcmp(key, "end") == 0 && val && strcmp(val, "ok") == 0) {
                SECURE_LOGD("Enable appid(%s)", appid);
                for (gs_iter = g_disabled_alarm_list; gs_iter != NULL; ) {
                        entry = (__alarm_info_t *)gs_iter->data;
 
                        gs_iter = g_slist_next(gs_iter);
-                       if (strncmp(appid, entry->app_unique_name, strlen(appid)) == 0) {
+                       if (strcmp(appid, entry->app_unique_name) == 0) {
                                _alarm_set_next_duetime(entry);
                                SECURE_LOGD("Restore alarm_id(%d) duetime(%d) appid(%s)",
                                                entry->alarm_id, (int)(entry->due_time), appid);
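Review bot: `strcmp(appid, entry->app_unique_name)` dereferences both pointers without a NULL check. `alarm_manager_alarm_delete_all` in this same commit guards the same field with `tmp_appname &&`, which suggests `app_unique_name` can be NULL. The same unguarded comparison is in `__on_app_disable_cb`, `alarm_manager_alarm_get_number_of_ids` and `alarm_manager_alarm_get_list_of_ids`. Suggest `if (entry->app_unique_name && strcmp(appid, entry->app_unique_name) == 0) {` at each site, with a matching guard on `appid`/`app_name` unless the callers outside these hunks already guarantee it.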
@@ -1764,13 +1764,13 @@ static int __on_app_disable_cb(uid_t target_uid, int req_id,
        __alarm_info_t *entry = NULL;
        bool is_disabled = false;
 
-       if (key && strncmp(key, "end", 3) == 0 && val && strncmp(val, "ok", 2) == 0) {
+       if (key && strcmp(key, "end") == 0 && val && strcmp(val, "ok") == 0) {
                SECURE_LOGD("Disable appid(%s)", appid);
                for (gs_iter = alarm_context.alarms; gs_iter != NULL; ) {
                        entry = (__alarm_info_t *)gs_iter->data;
 
                        gs_iter = g_slist_next(gs_iter);
-                       if (strncmp(appid, entry->app_unique_name, strlen(appid)) == 0) {
+                       if (strcmp(appid, entry->app_unique_name) == 0) {
                                if (!(entry->base_info.alarm_type & ALARM_TYPE_VOLATILE))
                                        _update_db_for_disabled_alarm(entry->alarm_id, true);
                                g_disabled_alarm_list = g_slist_append(g_disabled_alarm_list, entry);
@@ -1801,7 +1801,7 @@ static int __on_app_installed(uid_t target_uid, int req_id, const char *pkg_type
        if (using_rtc && GET_POWER_SAVING_MODE() == -1)
                return ALARMMGR_RESULT_SUCCESS;
 
-       if ((key && strncmp(key, "end", 3) != 0) || (val && strncmp(val, "ok", 2) != 0))
+       if ((key && strcmp(key, "end") != 0) || (val && strcmp(val, "ok") != 0))
                return ALARMMGR_RESULT_SUCCESS;
 
        if (g_slist_length(g_disabled_alarm_list) == 0)
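Review bot: A NULL `key` or `val` passes this filter: `(key && strcmp(key, "end") != 0) || (val && strcmp(val, "ok") != 0)` is false when either pointer is NULL, so the handler carries on as if the event were end/ok. `__on_app_enable_cb` and `__on_app_disable_cb` require both to be non-NULL and equal. If the same is intended here, use `if (!key || strcmp(key, "end") != 0 || !val || strcmp(val, "ok") != 0)`. The identical condition is in `__on_app_uninstalled`, and in both functions `pkgid` is later passed to `strcmp` with no NULL check in the visible lines.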
@@ -1814,8 +1814,8 @@ static int __on_app_installed(uid_t target_uid, int req_id, const char *pkg_type
                const char *callee_pkgid = entry->callee_pkgid;
 
                gs_iter = g_slist_next(gs_iter);
-               if ((caller_pkgid && strncmp(pkgid, caller_pkgid, strlen(pkgid)) == 0) ||
-                       (callee_pkgid && strncmp(pkgid, callee_pkgid, strlen(pkgid)) == 0)) {
+               if ((caller_pkgid && strcmp(pkgid, caller_pkgid) == 0) ||
+                       (callee_pkgid && strcmp(pkgid, callee_pkgid) == 0)) {
                        _alarm_set_next_duetime(entry);
                        alarm_context.alarms = g_slist_append(alarm_context.alarms, entry);
                        g_disabled_alarm_list = g_slist_remove(g_disabled_alarm_list, entry);
@@ -1848,7 +1848,7 @@ static int __on_app_uninstalled(uid_t target_uid, int req_id, const char *pkg_ty
 
        SECURE_LOGD("pkg_type(%s), pkgid(%s), key(%s), value(%s)", pkg_type, pkgid, key, val);
 
-       if ((key && strncmp(key, "end", 3) != 0) || (val && strncmp(val, "ok", 2) != 0))
+       if ((key && strcmp(key, "end") != 0) || (val && strcmp(val, "ok") != 0))
                return ALARMMGR_RESULT_SUCCESS;
 
        if (using_rtc)
@@ -1861,8 +1861,8 @@ static int __on_app_uninstalled(uid_t target_uid, int req_id, const char *pkg_ty
                const char *callee_pkgid = entry->callee_pkgid;
 
                gs_iter = g_slist_next(gs_iter);
-               if ((caller_pkgid && strncmp(pkgid, caller_pkgid, strlen(pkgid)) == 0) ||
-                       (callee_pkgid && strncmp(pkgid, callee_pkgid, strlen(pkgid)) == 0)) {
+               if ((caller_pkgid && strcmp(pkgid, caller_pkgid) == 0) ||
+                       (callee_pkgid && strcmp(pkgid, callee_pkgid) == 0)) {
                        if (_remove_from_scheduled_alarm_list(entry->uid, entry->alarm_id))
                                is_deleted = true;
 
@@ -2651,7 +2651,7 @@ int alarm_manager_alarm_delete_all(GVariant *parameters, uid_t uid, pid_t pid,
                entry = (__alarm_info_t*)gs_iter->data;
                const char *tmp_appname = entry->app_unique_name;
                SECURE_LOGD("Try to remove app_name[%s], alarm_id[%d]\n", tmp_appname, entry->alarm_id);
-               if (tmp_appname && strncmp(app_name, tmp_appname, strlen(tmp_appname)) == 0) {
+               if (tmp_appname && strcmp(app_name, tmp_appname) == 0) {
                        if (_remove_from_scheduled_alarm_list(uid, entry->alarm_id))
                                is_deleted = true;
 
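Review bot: The match on `app_unique_name` here has no `entry->uid == uid` test, unlike the loops in `alarm_manager_alarm_get_number_of_ids` and `alarm_manager_alarm_get_list_of_ids` later in this commit. `uid` is passed to `_remove_from_scheduled_alarm_list`, but the rest of the loop is outside the hunk, so it is unclear whether the whole delete path is scoped to the caller's uid. If it is not, the condition should read `tmp_appname && entry->uid == uid && strcmp(app_name, tmp_appname) == 0`, so an identical app name registered under another uid is left untouched.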
@@ -2759,7 +2759,7 @@ int alarm_manager_alarm_get_number_of_ids(uid_t uid, pid_t pid,
                entry = (__alarm_info_t*)gs_iter->data;
                SECURE_LOGD("app_name=%s, app_unique_name=%s", app_name, entry->app_unique_name);
                if (entry->uid == uid &&
-                               strncmp(app_name, entry->app_unique_name, strlen(app_name)) == 0) {
+                               strcmp(app_name, entry->app_unique_name) == 0) {
                        (_num_of_ids)++;
                        SECURE_LOGD("inc number of alarms of app (uid:%d, pid:%d, unique_name:%s) is %d.", uid, pid, app_name, _num_of_ids);
                }
@@ -2795,7 +2795,7 @@ int alarm_manager_alarm_get_list_of_ids(GVariant *parameters, uid_t uid,
        for (gs_iter = alarm_context.alarms; gs_iter != NULL; gs_iter = g_slist_next(gs_iter)) {
                entry = (__alarm_info_t*)gs_iter->data;
                if (entry->uid == uid &&
-                               strncmp(app_name, (entry->app_unique_name), strlen(app_name)) == 0) {
+                               strcmp(app_name, (entry->app_unique_name)) == 0) {
                        g_variant_builder_add(alarm_array, "(i)", entry->alarm_id);
                        index++;
                        SECURE_LOGE("called for alarmid(%d), but max_number_of_ids(%d) index %d.", entry->alarm_id, max_number_of_ids, index);