Fix vulnerability

Guarantee of null termination of string

Change-Id: I821891de257d47abf9429edc41eb0d878de36f0b
Signed-off-by: Sunmin Lee <sunm.lee@samsung.com>

diff --git a/ss_engine/fota_tar.c b/ss_engine/fota_tar.c
index 7f8ba304e0f439dfa5de8d8ae97babe3972f0163..faf9f042e09a876eae74ac3f19de4c8df1ba6d94 100755 (executable)
--- a/ss_engine/fota_tar.c
+++ b/ss_engine/fota_tar.c
@@ -576,7 +576,8 @@ tar_Data_t *tar_build_cfg_table(char *tar)
                                ret = -1;
                                break;
                        }
-                       strncpy((char *)newnode->itemName, uExtendedName, sizeof(newnode->itemName));
+                       memset(newnode->itemName, 0, sizeof(newnode->itemName));
+                       strncpy((char *)newnode->itemName, uExtendedName, sizeof(newnode->itemName) - 1);
                        newnode->itemOffset = itemOffset;
                        newnode->itemSize = itemSize;
                        newnode->nextnode = NULL;