e_comp: added buffer size check code to avoid buffer overflow when socket init

author Gwanglim Lee <gl77.lee@samsung.com>

Thu, 14 Dec 2017 02:40:46 +0000 (11:40 +0900)

committer Gwanglim Lee <gl77.lee@samsung.com>

Thu, 14 Dec 2017 05:37:10 +0000 (14:37 +0900)
author Gwanglim Lee <gl77.lee@samsung.com>
Thu, 14 Dec 2017 02:40:46 +0000 (11:40 +0900)
committer Gwanglim Lee <gl77.lee@samsung.com>
Thu, 14 Dec 2017 05:37:10 +0000 (14:37 +0900)
diff --git a/src/bin/e_comp.c b/src/bin/e_comp.c

index 8b0be312953c594e13704f8e53b9ee3e291651e2..f34c7e2b23bc73787277cb16ade962d86c42e4f6 100644 (file)
--- a/src/bin/e_comp.c
+++ b/src/bin/e_comp.c
@@ -2265,8 +2265,9 @@ e_comp_socket_init(const char *name)
     int res;
     E_Config_Socket_Access *sa = NULL;
     Eina_List *l = NULL;
+   int l_dir, l_name;
  #undef STRERR_BUFSIZE
-#define STRERR_BUFSIZE 128
+#define STRERR_BUFSIZE 1024
     char buf[STRERR_BUFSIZE];
  
     if (!name) return EINA_FALSE;
@@ -2274,6 +2275,18 @@ e_comp_socket_init(const char *name)
     dir = e_util_env_get("XDG_RUNTIME_DIR");
     if (!dir) return EINA_FALSE;
  
+   /* check whether buffer size is less than concatenated string which
+    * is made of XDG_RUNTIME_DIR, '/', socket name and NULL.
+    */
+   l_dir = strlen(dir);
+   l_name = strlen(name);
+   if ((l_dir + l_name + 2) > STRERR_BUFSIZE)
+     {
+        ERR("Size of buffer is not enough. dir:%s name:%s",
+            dir, name);
+        return EINA_FALSE;
+     }
+
     snprintf(socket_path, sizeof(socket_path), "%s/%s", dir, name);
     free(dir);
author	Gwanglim Lee <gl77.lee@samsung.com>
	Thu, 14 Dec 2017 02:40:46 +0000 (11:40 +0900)
committer	Gwanglim Lee <gl77.lee@samsung.com>
	Thu, 14 Dec 2017 05:37:10 +0000 (14:37 +0900)