Fix for several issues detected by Prevent
authorMariusz Domanski <m.domanski@samsung.com>
Tue, 19 Feb 2013 15:43:15 +0000 (16:43 +0100)
committerGerrit Code Review <gerrit2@kim11>
Thu, 21 Feb 2013 16:31:40 +0000 (01:31 +0900)
[Issue#] SSDWSSP-106
[Problem] Issues detected by Prevent
[Cause] N/A
[Solution] N/A
[Verification] Build and run tests

Change-Id: Ie0d469e73685fd518da2a374cf0c0e5dea5829eb

src/security-srv/communication/security-server-comm.c
src/security-srv/include/security-server-password.h
src/security-srv/server/security-server-cookie.c
src/security-srv/server/security-server-main.c
src/security-srv/server/security-server-password.c

index d0a1e5a1a34c4cdbbe40db6470f996a3234072f8..56a4d148ffe88ac81d1d0419f80c017387b8e5e9 100644 (file)
@@ -31,6 +31,7 @@
 #include <errno.h>
 #include <unistd.h>
 #include <sys/stat.h>
+#include <limits.h>
 
 #include "security-server-common.h"
 #include "security-server-comm.h"
@@ -1935,7 +1936,7 @@ int recv_check_privilege_new_request(int sockfd,
        }
 
        retval = read(sockfd, &alen, sizeof(int));
-       if(retval < sizeof(int) || alen < 0 || olen > MAX_MODE_STR_LEN)
+       if(retval < sizeof(int) || alen < 0 || alen > MAX_MODE_STR_LEN)
        {
                SEC_SVR_DBG("error reading access_rights len: %d", retval);
                return SECURITY_SERVER_ERROR_RECV_FAILED;
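Review bot: The `retval < sizeof(int)` test kept in this condition compares the result of read() with a size_t; if `retval` is a signed integer (its declaration is outside the hunk, but it is logged with `%d`), a failed read returning -1 is converted to a large unsigned value and passes the test, so `alen` would be range-checked without ever having been filled. Doing the comparison in signed arithmetic closes that gap: `if(retval < (int)sizeof(int) || alen < 0 || alen > MAX_MODE_STR_LEN)`. The same pattern appears in the `retval < sizeof(char)` test in the process_reset_pwd_request hunk of security-server-password.c. recv_check_privilege_new_request starts and ends outside this hunk.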
@@ -2004,6 +2005,13 @@ int recv_launch_tool_request(int sockfd, int argc, char *argv[])
                        return SECURITY_SERVER_ERROR_RECV_FAILED;
                }
 
+               if(argv_len <= 0 || argv_len >= INT_MAX)
+               {
+                       SEC_SVR_DBG("Error: argv length out of boundaries");
+                       free_argv(argv, argc);
+                       return SECURITY_SERVER_ERROR_RECV_FAILED;
+               }
+
                argv[i] = malloc(argv_len + 1);
                if(argv[i] == NULL)
                {
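Review bot: The added `argv_len >= INT_MAX` bound only keeps `argv_len + 1` from overflowing; any smaller positive value still reaches `malloc(argv_len + 1)`, so one request can ask the server for close to 2 GiB per argument. A protocol-level maximum would be tighter, for example `if(argv_len <= 0 || argv_len > MAX_ARGV_ITEM_LEN)`, where `MAX_ARGV_ITEM_LEN` is a placeholder for a limit the project would have to define. The declaration of `argv_len` and the read that fills it are outside the hunk, so this assumes it is an int received from the peer on `sockfd`.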
index 7fa93776217e266961ff59ac870bdb3c5fe9f525..924153f080e98405af62b7249f664beaa90e49c4 100644 (file)
@@ -32,6 +32,6 @@ int process_reset_pwd_request(int sockfd);
 int process_chk_pwd_request(int sockfd);
 int process_set_pwd_max_challenge_request(int sockfd);
 int process_set_pwd_validity_request(int sockfd);
-int init_try(void);
+void initiate_try(void);
 
 #endif
index b7c4b4be7b293f83295c62f96d33257d7f8ba0ba..a084a11a621fd4fe1ed80f1f883b8a27a07d5838 100644 (file)
@@ -325,7 +325,6 @@ int generate_random_cookie(unsigned char *cookie, int size)
                ret = SECURITY_SERVER_ERROR_FILE_OPERATION;
                goto error;
        }
-       close(fd);
        ret = SECURITY_SERVER_SUCCESS;
 error:
        if(fd >= 0)
index 3cb63b15ad7aff2f1a7054eb28f3cc8527e2e6b8..94fe1f578c042f48323b34b18aa4f3f88a80a0f0 100644 (file)
@@ -1225,7 +1225,6 @@ void *security_server_main_thread(void *data)
 
        for(retval = 0 ; retval < SECURITY_SERVER_NUM_THREADS; retval++)
                thread_status[retval] = 0;
-
        initiate_try();
 
        /* Create and bind a Unix domain socket */
index 491f0aaee351eb1ea15a860de0342c7c4d4186f5..367b5d667a896a24a0fdfd77b8710c12231553eb 100644 (file)
@@ -33,7 +33,7 @@
 
 struct timeval prev_try;
 
-int initiate_try()
+void initiate_try()
 {
        gettimeofday(&prev_try, NULL);
 }
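Review bot: The definition `void initiate_try()` has an empty parameter list, which does not provide a prototype in C before C23, while the header hunk in security-server-password.h declares `void initiate_try(void);`. Writing `void initiate_try(void)` here makes the definition match the header and lets the compiler reject calls that pass arguments. A short comment such as `/* Record the current time in prev_try */` would also state what the function is for; the return value of gettimeofday() is not checked.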
@@ -1042,7 +1042,7 @@ int process_reset_pwd_request(int sockfd)
 
        /* Receive size of pwd */
        retval = read(sockfd, &new_pwd_len, sizeof(char));
-       if(retval < sizeof(char)  || new_pwd_len > SECURITY_SERVER_MAX_PASSWORD_LEN)
+       if(retval < sizeof(char) || new_pwd_len < 0 || new_pwd_len > SECURITY_SERVER_MAX_PASSWORD_LEN)
        {
                SEC_SVR_DBG("Server Error: new password length recieve failed: %d, %d", retval, new_pwd_len);
                retval = send_generic_response(sockfd,
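Review bot: Whether the added `new_pwd_len < 0` test can ever fire depends on the declared type of `new_pwd_len`, which is outside the hunk: the read stores one byte (`sizeof(char)`), and if the variable is plain `char` its signedness is implementation-defined, so the same length byte is accepted or rejected depending on the target. Declaring it `unsigned char` would make the upper-bound comparison against SECURITY_SERVER_MAX_PASSWORD_LEN sufficient on every platform. If it is instead a wider integer, only its first byte is written by this read and the remaining bytes must be initialised beforehand. The statement `retval = send_generic_response(sockfd,` continues past the end of the hunk.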