fix security defect 02/139902/1
authorjkjo92 <jkjo92@samsung.com>
Fri, 21 Jul 2017 03:23:40 +0000 (12:23 +0900)
committerjkjo92 <jkjo92@samsung.com>
Fri, 21 Jul 2017 03:23:40 +0000 (12:23 +0900)
Change-Id: Ia79761f53cacaba88f415cff1b53380b34e092dc
Signed-off-by: jkjo92 <jkjo92@samsung.com>
common/cryptoutil/inc/asmcrypto.h [changed mode: 0644->0755]
common/cryptoutil/src/AsmCrypto.cpp [changed mode: 0644->0755]
server/auth_discovery/src/RoamingUtil.cpp [changed mode: 0644->0755]
test/shell_tc/fido_asm_shell_tc.cpp [changed mode: 0644->0755]

old mode 100644 (file)
new mode 100755 (executable)
old mode 100644 (file)
new mode 100755 (executable)
index 24eb33d..8abdfe5
@@ -40,8 +40,13 @@ void
 AsmCrypto::logDataToFile(const char *file_name_prefix, const char *data, int data_len)
 {
        char fn[128] = {0, };
+       char resolved_path[128];
        snprintf(fn, 127, "%s%s", LOG_FILE_PATH, file_name_prefix);
 
+       if(realpath(fn, resolved_path) == NULL) {
+               _ERR("realpath error");
+               return;
+       }
        FILE *fp = fopen(fn, "w+");
        if (fp == NULL)
                return;
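Review bot: `realpath()` may write up to PATH_MAX bytes into its second argument, so the added `char resolved_path[128];` in logDataToFile can be overrun by a long resolved path; declare it as `char resolved_path[PATH_MAX];`, or pass NULL and free the returned buffer. The resolved path is never used afterwards: `fopen(fn, "w+")` still opens the unresolved name, so the check does not confine the file to the log directory and leaves a gap between check and open. Opening `resolved_path` after comparing its prefix with the expected directory would make the call do what it appears intended to do. realpath() also fails when the target does not exist, so as written a log file that is not already present is never created. The same points apply to the logRawDataToFile hunk, and the buffer size and unused result also apply to the getAsmToken hunk; all three function bodies continue outside their hunks.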
@@ -57,8 +62,14 @@ void
 AsmCrypto::logRawDataToFile(const char *file_name_prefix, const unsigned char *data, int data_len)
 {
        char fn[128] = {0, };
+       char resolved_path[128];
        snprintf(fn, 127, "%s%s", LOG_FILE_PATH, file_name_prefix);
 
+       if(realpath(fn, resolved_path) == NULL) {
+               _ERR("realpath error");
+               return;
+       }
+
        FILE *fp = fopen(fn, "w+");
        if (fp == NULL)
                return;
@@ -179,6 +190,13 @@ AsmCrypto::getAsmToken(void)
                return macStr;
        }
 
+       char resolved_path[128];
+
+       if(realpath(ASM_CONFIG_FILE, resolved_path) == NULL) {
+               _ERR("realpath error");
+               return std::string();
+       }
+
        FILE *file = fopen(ASM_CONFIG_FILE, "r");
 
        if (file == NULL) {
old mode 100644 (file)
new mode 100755 (executable)
index 9fd6b76..dd48827
@@ -279,6 +279,8 @@ RoamingUtil::composeAuthGetInfoResponce(std::vector<GetAuthInfoResp*> *infoList)
        Buffer *getinfoRespBuff = encoderResp.encode();
        _INFO("RoamingUtil after TLV encode");
 
+       SAFE_DELETE(infoList);
+
        /*B64 encode*/
        return b64Encode(getinfoRespBuff->data, getinfoRespBuff->len);
 
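Review bot: `SAFE_DELETE(infoList);` frees a vector the caller passed in by pointer, and nothing in the hunk shows that ownership is handed over, so a caller that still uses or deletes its own copy of the pointer would hit a use-after-free or double free. Deleting the vector also does not free the `GetAuthInfoResp*` elements it holds, at least not in the visible lines. If this function is meant to own the list, state it on the declaration, for example `/* Takes ownership of infoList and deletes it; callers must not use it afterwards. */`, and release the elements before the vector. The function starts and ends outside the hunk, so any earlier return path would presumably still skip the delete, and `getinfoRespBuff` is not released in the lines shown.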
old mode 100644 (file)
new mode 100755 (executable)