projects / platform / core / security / cert-svc.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7c1f3ea)
Fix svace defects 45/114745/1
authorsangwan.kwon <sangwan.kwon@samsung.com>
Wed, 8 Feb 2017 09:26:11 +0000 (18:26 +0900)
committersangwan.kwon <sangwan.kwon@samsung.com>
Wed, 15 Feb 2017 01:53:15 +0000 (10:53 +0900)
* Whole class member should be initialized.
* Check INT_MAX size.(overflow)
* Fix memory leak.

Change-Id: I428ef256f2165f7199f601c9b4e6ae503eafeb39
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
(cherry picked from commit 0145be068295e2e368007fc64fee5d2a8f1a29d2)
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
src/server/src/cert-server-logic.c patch | blob | history
src/vcore/XmlsecAdapter.cpp patch | blob | history
src/vcore/pkcs12.cpp patch | blob | history

diff --git a/src/server/src/cert-server-logic.c b/src/server/src/cert-server-logic.c
index d5ac988..74faa0d 100644 (file)
--- a/src/server/src/cert-server-logic.c
+++ b/src/server/src/cert-server-logic.c
@@ -467,6 +467,7 @@ int update_ca_certificate_file(char *cert)
                                result = write_to_ca_cert_crt_file("wb", cert);
                        else
                                result = write_to_ca_cert_crt_file("ab", cert);
+                       free(cert);
 
                        if (result != CERTSVC_SUCCESS) {
                                SLOGE("Failed to write to file.");
diff --git a/src/vcore/XmlsecAdapter.cpp b/src/vcore/XmlsecAdapter.cpp
index ed86288..7075afa 100644 (file)
--- a/src/vcore/XmlsecAdapter.cpp
+++ b/src/vcore/XmlsecAdapter.cpp
@@ -165,7 +165,9 @@ void LogDebugPrint(const char *file,
                LogDebug(buff);
 }
 
-XmlSec::XmlSec() : m_pList(nullptr)
+XmlSec::XmlSec() :
+       m_mode(ValidateMode::NORMAL),
+       m_pList(nullptr)
 {
        LIBXML_TEST_VERSION
        xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
diff --git a/src/vcore/pkcs12.cpp b/src/vcore/pkcs12.cpp
index fc29f56..d24a240 100644 (file)
--- a/src/vcore/pkcs12.cpp
+++ b/src/vcore/pkcs12.cpp
@@ -27,6 +27,7 @@
 #include <string.h>
 #include <sys/types.h>
 #include <sys/stat.h>
+#include <limits.h>
 #include <string>
 #include <memory>
 #include <functional>
@@ -270,8 +271,8 @@ std::string readFromFile(const std::string &path)
        fseek(fp, 0L, SEEK_END);
        int len = ftell(fp);
 
-       if (len <= 0) {
-               LogError("Fail to get certificate length.");
+       if (len <= 0 || len == INT_MAX) {
+               LogError("Fail to get proper certificate.");
                return std::string();
        }
 
Domain: Security / Authentication;