Avoid the possibility of buffer overflow tizen_2.2 2.2.1_release submit/tizen_2.2/20131107.061946
authorHyunbin Lee <hyunbin.lee@samsung.com>
Thu, 24 Oct 2013 01:56:37 +0000 (10:56 +0900)
committerHyunbin Lee <hyunbin.lee@samsung.com>
Thu, 24 Oct 2013 11:29:06 +0000 (20:29 +0900)
Change-Id: I7394946366ace1d4fbc679824ee26b47143c816c
Signed-off-by: Hyunbin Lee <hyunbin.lee@samsung.com>
src/osp-env-config.c

index 5a93678..3030303 100644 (file)
 #define _SECURE_LOGE(...)
 #endif
 
-static const char _OSP_COMPAT_SHARED_PATH[] = "/opt/usr/share/.osp-compat/\0";
-static const char _EXT_OSP_HOME_PATH[] = "/opt/storage/sdcard/osp/\0";
+static const char _OSP_COMPAT_SHARED_PATH[] = "/opt/usr/share/.osp-compat/";
+static const char _EXT_OSP_HOME_PATH[] = "/opt/storage/sdcard/osp/";
 static const char OSP_COMPAT_LIB[] = "/usr/lib/osp/libosp-compat.so";
+static const int MAX_PACKAGE_ID = NAME_MAX;
 
 struct _path_info
 {
@@ -80,9 +81,18 @@ get_app_rootpath_from_path(const char* bin_path)
 
        /* e.g., The specified bin_path is "/opt/apps/com.samsung.basicapp/bin/basicapp" */
        length = strlen(bin_path);
+       if (length > (PATH_MAX - 1))
+       {
+               LOGE("bin path (%s) is too long", bin_path);
+               return NULL;
+       }
+
        app_rootpath = (char *)malloc(length + 1);
        if(app_rootpath == NULL)
+       {
+               LOGE("malloc() failed, errno: %d (%s)", errno, strerror(errno));
                return NULL;
+       }
 
        memset(app_rootpath, '\0', length + 1);
        strncpy(app_rootpath, bin_path, length);
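Review bot: The new `return NULL` for an over-long bin_path adds a second failure path that the caller shown later in this diff does not handle. do_pre_exec() passes the result of get_app_rootpath_from_path() straight into `strncpy(app_compat_path, app_rootpath, PATH_MAX - 1)`, so an over-long path or a failed malloc() becomes a NULL dereference. A guard right after the call, such as `if (app_rootpath == NULL) return -1;`, would fail cleanly; the exact error return is a guess, since do_pre_exec's convention is not visible here. This function starts before and continues past the hunk, so whether bin_path is itself checked for NULL before `strlen(bin_path)` cannot be seen.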
@@ -268,14 +278,14 @@ mount_osp_internal_paths(const char* app_rootpath, const char* pkgid)
 
        strncpy(osp_share_pkgid_path, _OSP_COMPAT_SHARED_PATH, strlen(_OSP_COMPAT_SHARED_PATH));
        strncat(osp_share_pkgid_path, "share/", 6);
-       strncat(osp_share_pkgid_path, pkgid, strlen(pkgid));
+       strncat(osp_share_pkgid_path, pkgid, MAX_PACKAGE_ID);
 
        strncpy(osp_share2_pkgid_path, _OSP_COMPAT_SHARED_PATH, strlen(_OSP_COMPAT_SHARED_PATH));
        strncat(osp_share2_pkgid_path, "share2/", 7);
-       strncat(osp_share2_pkgid_path, pkgid, strlen(pkgid));
+       strncat(osp_share2_pkgid_path, pkgid, MAX_PACKAGE_ID);
 
-       strncpy(mount_info[0].src_path, osp_share_pkgid_path, strlen(osp_share_pkgid_path));
-       strncpy(mount_info[1].src_path, osp_share2_pkgid_path, strlen(osp_share2_pkgid_path));
+       strncpy(mount_info[0].src_path, osp_share_pkgid_path, PATH_MAX - 1);
+       strncpy(mount_info[1].src_path, osp_share2_pkgid_path, PATH_MAX - 1);
 
        if (chdir(app_rootpath) != 0)
        {
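Review bot: The third argument in `strncat(osp_share_pkgid_path, pkgid, MAX_PACKAGE_ID)` limits how many bytes are read from pkgid, not how much room is left in the destination. A pkgid longer than NAME_MAX is now silently truncated into a different directory name, which is then copied into `mount_info[0].src_path`, apparently a mount source. Rejecting the over-long id is safer than acting on a truncated path: build each path with `n = snprintf(osp_share_pkgid_path, sizeof(osp_share_pkgid_path), "%sshare/%s", _OSP_COMPAT_SHARED_PATH, pkgid);` and fail the call when `n < 0 || (size_t)n >= sizeof(osp_share_pkgid_path)`. That assumes the path buffers are arrays declared in this function, which lies outside the hunk. The same applies to the pkgid appends in the create_osp_external_paths() and mount_osp_external_paths() hunks.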
@@ -406,27 +416,27 @@ create_osp_external_paths(const char* app_rootpath, const char* pkgid)
 
        strncpy(osp_ext_apps_pkgid_path, _EXT_OSP_HOME_PATH, strlen(_EXT_OSP_HOME_PATH));
        strncat(osp_ext_apps_pkgid_path, "apps/", 5);
-       strncat(osp_ext_apps_pkgid_path, pkgid, strlen(pkgid));
+       strncat(osp_ext_apps_pkgid_path, pkgid, MAX_PACKAGE_ID);
 
-       strncpy(osp_ext_apps_pkgid_share_path, osp_ext_apps_pkgid_path, strlen(osp_ext_apps_pkgid_path));
+       strncpy(osp_ext_apps_pkgid_share_path, osp_ext_apps_pkgid_path, PATH_MAX - 1);
        strncat(osp_ext_apps_pkgid_share_path, "/Share", 6);
 
-       strncpy(osp_ext_apps_pkgid_share2_path, osp_ext_apps_pkgid_path, strlen(osp_ext_apps_pkgid_path));
+       strncpy(osp_ext_apps_pkgid_share2_path, osp_ext_apps_pkgid_path, PATH_MAX - 1);
        strncat(osp_ext_apps_pkgid_share2_path, "/Share2", 7);
 
        strncpy(osp_ext_share_pkgid_path, _EXT_OSP_HOME_PATH, strlen(_EXT_OSP_HOME_PATH));
        strncat(osp_ext_share_pkgid_path, "share/", 6);
-       strncat(osp_ext_share_pkgid_path, pkgid, strlen(pkgid));
+       strncat(osp_ext_share_pkgid_path, pkgid, MAX_PACKAGE_ID);
 
        strncpy(osp_ext_share2_pkgid_path, _EXT_OSP_HOME_PATH, strlen(_EXT_OSP_HOME_PATH));
        strncat(osp_ext_share2_pkgid_path, "share2/", 7);
-       strncat(osp_ext_share2_pkgid_path, pkgid, strlen(pkgid));
+       strncat(osp_ext_share2_pkgid_path, pkgid, MAX_PACKAGE_ID);
 
-       strncpy(external_dirs[7].path, osp_ext_apps_pkgid_path, strlen(osp_ext_apps_pkgid_path));
-       strncpy(external_dirs[8].path, osp_ext_apps_pkgid_share_path, strlen(osp_ext_apps_pkgid_share_path));
-       strncpy(external_dirs[9].path, osp_ext_apps_pkgid_share2_path, strlen(osp_ext_apps_pkgid_share2_path));
-       strncpy(external_dirs[10].path, osp_ext_share_pkgid_path, strlen(osp_ext_share_pkgid_path));
-       strncpy(external_dirs[11].path, osp_ext_share2_pkgid_path, strlen(osp_ext_share2_pkgid_path));
+       strncpy(external_dirs[7].path, osp_ext_apps_pkgid_path, PATH_MAX - 1);
+       strncpy(external_dirs[8].path, osp_ext_apps_pkgid_share_path, PATH_MAX - 1);
+       strncpy(external_dirs[9].path, osp_ext_apps_pkgid_share2_path, PATH_MAX - 1);
+       strncpy(external_dirs[10].path, osp_ext_share_pkgid_path, PATH_MAX - 1);
+       strncpy(external_dirs[11].path, osp_ext_share2_pkgid_path, PATH_MAX - 1);
 
        if (chdir(app_rootpath) != 0)
        {
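Review bot: The new bound in `strncpy(external_dirs[7].path, osp_ext_apps_pkgid_path, PATH_MAX - 1)` is only safe if every `.path` member is at least PATH_MAX bytes and was zeroed beforehand. strncpy() pads the destination out to the full count and does not write a terminator when the source is that long. The definition of `struct _path_info` and of external_dirs is outside this hunk, so neither assumption can be confirmed here. Tying the bound to the destination removes the dependency, e.g. `snprintf(external_dirs[7].path, sizeof(external_dirs[7].path), "%s", osp_ext_apps_pkgid_path);` if `path` is an array member, with the return value checked for truncation. The `mount_info[N].src_path` copies in mount_osp_internal_paths() and mount_osp_external_paths() have the same dependency.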
@@ -466,19 +476,19 @@ mount_osp_external_paths(const char* app_rootpath, const char* pkgid)
 
        strncpy(osp_ext_apps_pkgid_path, _EXT_OSP_HOME_PATH, strlen(_EXT_OSP_HOME_PATH));
        strncat(osp_ext_apps_pkgid_path, "apps/", 5);
-       strncat(osp_ext_apps_pkgid_path, pkgid, strlen(pkgid));
+       strncat(osp_ext_apps_pkgid_path, pkgid, MAX_PACKAGE_ID);
 
        strncpy(osp_ext_share_pkgid_path, _EXT_OSP_HOME_PATH, strlen(_EXT_OSP_HOME_PATH));
        strncat(osp_ext_share_pkgid_path, "share/", 6);
-       strncat(osp_ext_share_pkgid_path, pkgid, strlen(pkgid));
+       strncat(osp_ext_share_pkgid_path, pkgid, MAX_PACKAGE_ID);
 
        strncpy(osp_ext_share2_pkgid_path, _EXT_OSP_HOME_PATH, strlen(_EXT_OSP_HOME_PATH));
        strncat(osp_ext_share2_pkgid_path, "share2/", 7);
-       strncat(osp_ext_share2_pkgid_path, pkgid, strlen(pkgid));
+       strncat(osp_ext_share2_pkgid_path, pkgid, MAX_PACKAGE_ID);
 
-       strncpy(mount_info[3].src_path, osp_ext_apps_pkgid_path, strlen(osp_ext_apps_pkgid_path));
-       strncpy(mount_info[4].src_path, osp_ext_share_pkgid_path, strlen(osp_ext_share_pkgid_path));
-       strncpy(mount_info[5].src_path, osp_ext_share2_pkgid_path, strlen(osp_ext_share2_pkgid_path));
+       strncpy(mount_info[3].src_path, osp_ext_apps_pkgid_path, PATH_MAX - 1);
+       strncpy(mount_info[4].src_path, osp_ext_share_pkgid_path, PATH_MAX - 1);
+       strncpy(mount_info[5].src_path, osp_ext_share2_pkgid_path, PATH_MAX - 1);
 
        if (chdir(app_rootpath) != 0)
        {
@@ -636,31 +646,30 @@ ERROR:
 }
 
 int
-do_pre_exec(const char* package_name, const char* bin_path)
+do_pre_exec(const char* app_id, const char* bin_path)
 {
        char* app_rootpath = NULL;
        char app_compat_path[PATH_MAX] = { 0, };
-       const char app_compat_file[] = "/info/compat.info\0";
-       char osp_app_data_path[PATH_MAX] = { 0, };
+       const char app_compat_file[] = "/info/compat.info";
+       char app_data_path[PATH_MAX] = { 0, };
        int osp_compat = 0;
 
-       _SECURE_LOGI("do_pre_exec() is called, app name: %s, binary path: %s", package_name, bin_path);
-
        app_rootpath = get_app_rootpath_from_path(bin_path);
 
-       strncpy(app_compat_path, app_rootpath, strlen(app_rootpath));
+       strncpy(app_compat_path, app_rootpath, PATH_MAX - 1);
        strncat(app_compat_path, app_compat_file, strlen(app_compat_file));
        if (access(app_compat_path, F_OK) == 0)
        {
                osp_compat = 1;
        }
 
-       appinfo_init(package_name, 0);
+       appinfo_init(app_id, 0);
        appinfo_set_compat(osp_compat);
 
        const char* package_id = appinfo_get_packageid();
 
-       _SECURE_LOGI("package id: %s, binary path: %s, OSP compat: %d", package_id, bin_path, osp_compat);
+       _SECURE_LOGI("do_pre_exec() is called, bin path: %s, app root: %s, app id: %s, pkg id: %s, osp-compatible: %d",
+                       bin_path, app_rootpath, app_id, package_id, osp_compat);
 
        // FIXME: Temporary code with security risk
        prctl(PR_SET_KEEPCAPS, 1);
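Review bot: `strncpy(app_compat_path, app_rootpath, PATH_MAX - 1)` followed by `strncat(app_compat_path, app_compat_file, strlen(app_compat_file))` can still write past `app_compat_path[PATH_MAX]`. The copy may fill up to PATH_MAX - 1 bytes, and the append then adds the 17 bytes of "/info/compat.info" plus a terminator. The length check added in get_app_rootpath_from_path() only caps bin_path at PATH_MAX - 1, so it does not guarantee room for the suffix. Build the path in one bounded step, `n = snprintf(app_compat_path, sizeof(app_compat_path), "%s%s", app_rootpath, app_compat_file);`, and fail the call when `n < 0 || (size_t)n >= sizeof(app_compat_path)`. The same copy-then-append pattern is in the virtual_root_file and app_data_path hunks below; do_pre_exec continues past this hunk.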
@@ -674,7 +683,7 @@ do_pre_exec(const char* package_name, const char* bin_path)
 
        char virtual_root_file[PATH_MAX] = { 0, };
        const char virtual_root_info[] = "/info/virtualroot.info";
-       strncpy(virtual_root_file, app_rootpath, strlen(app_rootpath));
+       strncpy(virtual_root_file, app_rootpath, PATH_MAX - 1);
        strncat(virtual_root_file, virtual_root_info, strlen(virtual_root_info));
        if (access(virtual_root_file, F_OK) == 0)
        {
@@ -706,12 +715,12 @@ do_pre_exec(const char* package_name, const char* bin_path)
 
        // API version is equal to or greater than Tizen 2.0
        // Set current working dir to "/opt/apps/{pkgId}/data"
-       strncpy(osp_app_data_path, app_rootpath, strlen(app_rootpath));
-       strncat(osp_app_data_path, "/data", strlen("/data"));
+       strncpy(app_data_path, app_rootpath, PATH_MAX - 1);
+       strncat(app_data_path, "/data", strlen("/data"));
 
-       if (chdir(osp_app_data_path) != 0)
+       if (chdir(app_data_path) != 0)
        {
-               LOGE("chdir() failed, path: %s, errno: %d (%s)", osp_app_data_path, errno, strerror(errno));
+               LOGE("chdir() failed, path: %s, errno: %d (%s)", app_data_path, errno, strerror(errno));
                goto ERROR;
        }