Check received data length

author Hwankyu Jhun <h.jhun@samsung.com>

Sun, 15 Jul 2018 23:37:02 +0000 (08:37 +0900)

committer Hwankyu Jhun <h.jhun@samsung.com>

Mon, 16 Jul 2018 01:18:47 +0000 (10:18 +0900)
author Hwankyu Jhun <h.jhun@samsung.com>
Sun, 15 Jul 2018 23:37:02 +0000 (08:37 +0900)
committer Hwankyu Jhun <h.jhun@samsung.com>
Mon, 16 Jul 2018 01:18:47 +0000 (10:18 +0900)
diff --git a/src/launchpad_common.c b/src/launchpad_common.c

index 79adfc6..5ed5b8b 100644 (file)
--- a/src/launchpad_common.c
+++ b/src/launchpad_common.c
@@ -53,6 +53,7 @@
  #define PATH_AMD_SOCK "/run/aul/daemons/.amd-sock"
  #define PATH_DEV_NULL "/dev/null"
  #define MAX_TEP_IS_MOUNT_RETRY_CNT 100
+#define MAX_PAYLOAD_SIZE (1024 * 1024 * 1)
  
  #define TEP_BUS_NAME                   "org.tizen.system.deviced"
  #define TEP_OBJECT_PATH                        "/Org/Tizen/System/DeviceD/Tzip"
@@ -349,6 +350,11 @@ retry_recv:
         memcpy(&datalen, buf + sizeof(int), sizeof(int));
         memcpy(&opt, buf + sizeof(int) + sizeof(int), sizeof(int));
  
+       if (datalen < 0 || datalen > MAX_PAYLOAD_SIZE) {
+               _E("Invalid protocol. datalen(%d)", datalen);
+               return NULL;
+       }
+
         /* allocate for a null byte */
         pkt = (app_pkt_t *)calloc(1, AUL_PKT_HEADER_SIZE + datalen + 1);
         if (pkt == NULL) {
author	Hwankyu Jhun <h.jhun@samsung.com>
	Sun, 15 Jul 2018 23:37:02 +0000 (08:37 +0900)
committer	Hwankyu Jhun <h.jhun@samsung.com>
	Mon, 16 Jul 2018 01:18:47 +0000 (10:18 +0900)