[CID-23530,36000,41817,43904] fix bugs 42/153642/3 accepted/tizen/unified/20171011.065902 submit/tizen/20171010.084928
authorSeonah Moon <seonah1.moon@samsung.com>
Fri, 29 Sep 2017 04:22:30 +0000 (13:22 +0900)
committerSeonah Moon <seonah1.moon@samsung.com>
Tue, 10 Oct 2017 04:41:34 +0000 (13:41 +0900)
- Unchecked return value
- Untrusted loop bound

Change-Id: Idc22e96c3aafd8bec559113aaa12762352e937d5
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
include/http_private.h
packaging/capi-network-http.spec
src/http_header.c
src/http_request.c
src/http_transaction.c
test/http_test.c

index faf6d64..aa25e34 100644 (file)
@@ -223,7 +223,7 @@ int _set_authentication_info(http_transaction_h http_transaction);
 gchar* parse_values(const gchar* string, int from_index, int to_index);
 
 FILE* _get_upload_file(http_transaction_h http_transaction);
-void _open_upload_file(http_transaction_h http_transaction);
+int _open_upload_file(http_transaction_h http_transaction);
 void _close_upload_file(__http_transaction_h *http_transaction);
 
 void _http_transaction_start_timer(guint msecs, gboolean(*callback) (gpointer), void *user_data);
index 0b3db89..d44f5ad 100644 (file)
@@ -1,6 +1,6 @@
 Name:          capi-network-http
 Summary:       Http Framework
-Version:       0.0.29
+Version:       0.0.30
 Release:       0
 Group:         System/Network
 License:       Apache-2.0
index bdba24a..d565701 100644 (file)
@@ -88,15 +88,14 @@ API int http_transaction_header_remove_field(http_transaction_h http_transaction
        _retvm_if(header->hash_table == NULL, HTTP_ERROR_INVALID_OPERATION,
                        "There are no custom header\n");
 
-       g_hash_table_lookup_extended(header->hash_table, field_name, &orig_key, &orig_value);
-       if (g_hash_table_remove(header->hash_table, field_name)) {
-               if (orig_key)
+       if (g_hash_table_lookup_extended(header->hash_table, field_name, &orig_key, &orig_value)) {
+               if (g_hash_table_remove(header->hash_table, field_name)) {
                        g_free(orig_key);
-
-               if (orig_value)
                        g_free(orig_value);
-
-               return HTTP_ERROR_NONE;
+                       return HTTP_ERROR_NONE;
+               } else {
+                       return HTTP_ERROR_INVALID_OPERATION;
+               }
        } else {
                ERR("field_name doesn't exist!!");
                return HTTP_ERROR_INVALID_OPERATION;
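Review bot: The `g_free(orig_key)` and `g_free(orig_value)` calls after a successful `g_hash_table_remove()` are only correct if `header->hash_table` was created without key/value destroy notifiers. The table's creation is not visible in this hunk, so this is worth confirming, because with notifiers installed both pointers would be freed twice. `g_hash_table_steal()` would make the ownership transfer explicit in either case. The new inner `else` also returns `HTTP_ERROR_INVALID_OPERATION` without a log line, unlike the outer one; adding something like `ERR("failed to remove field_name");` would keep the two failure paths consistent. The function starts and ends outside this hunk.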
index 9f1fac7..7a81029 100644 (file)
@@ -278,15 +278,20 @@ int _get_request_body_size(http_transaction_h http_transaction, int *body_size)
        return HTTP_ERROR_NONE;
 }
 
-void _open_upload_file(http_transaction_h http_transaction)
+int _open_upload_file(http_transaction_h http_transaction)
 {
        __http_transaction_h *transaction = (__http_transaction_h *)http_transaction;
        __http_request_h *request = transaction->request;
        struct stat file_info;
 
-       stat(request->upload_file, &file_info);
+       if (stat(request->upload_file, &file_info) != 0) {
+               ERR("stat() is failed.");
+               return HTTP_ERROR_OPERATION_FAILED;
+       }
        request->fp = fopen(request->upload_file, "rb");
        request->upload_size = (curl_off_t)file_info.st_size;
+
+       return HTTP_ERROR_NONE;
 }
 
 void _close_upload_file(__http_transaction_h *transaction)
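Review bot: `fopen()` is still unchecked in `_open_upload_file`. If it fails, `request->fp` is NULL and the function returns `HTTP_ERROR_NONE`, so the caller-side check added in `_transaction_submit` does not catch an unreadable file. Calling `stat()` on the path and then opening it by name also leaves a window in which the file can be replaced between the two calls, so `upload_size` may not describe the file that is actually read. Opening first and calling `fstat()` on the open stream's descriptor closes both gaps, as sketched below.

```c
int _open_upload_file(http_transaction_h http_transaction)
{
	/* … unchanged: transaction, request and file_info declarations … */

	request->fp = fopen(request->upload_file, "rb");
	if (request->fp == NULL) {
		ERR("fopen() is failed.");
		return HTTP_ERROR_OPERATION_FAILED;
	}

	/* Query the size through the open descriptor so it matches the file being read. */
	if (fstat(fileno(request->fp), &file_info) != 0) {
		ERR("fstat() is failed.");
		fclose(request->fp);
		request->fp = NULL;
		return HTTP_ERROR_OPERATION_FAILED;
	}
	request->upload_size = (curl_off_t)file_info.st_size;

	return HTTP_ERROR_NONE;
}
```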
index a9ea3ec..396a21f 100644 (file)
@@ -338,11 +338,10 @@ int _transaction_submit(gpointer user_data)
                curl_easy_setopt(transaction->easy_handle, CURLOPT_SSL_VERIFYHOST, 0);
 
        } else {
-                       curl_easy_setopt(transaction->easy_handle, CURLOPT_CAPATH, transaction->ca_path);
-                       DBG("CA path is (%s)", transaction->ca_path);
-
-               curl_easy_setopt(transaction->easy_handle, CURLOPT_SSL_VERIFYPEER, 0);
-               curl_easy_setopt(transaction->easy_handle, CURLOPT_SSL_VERIFYHOST, 2);
+               curl_easy_setopt(transaction->easy_handle, CURLOPT_CAPATH, transaction->ca_path);
+               DBG("CA path is (%s)", transaction->ca_path);
+               curl_easy_setopt(transaction->easy_handle, CURLOPT_SSL_VERIFYPEER, 1L);
+               curl_easy_setopt(transaction->easy_handle, CURLOPT_SSL_VERIFYHOST, 2L);
                curl_easy_setopt(transaction->easy_handle, CURLOPT_SSL_CIPHER_LIST, "HIGH");
        }
 
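Review bot: The commit message lists only "unchecked return value" and "untrusted loop bound", but this `else` branch also changes `CURLOPT_SSL_VERIFYPEER` from `0` to `1L`, so certificate-chain verification is now enforced where it was previously skipped. That is the most security-relevant change in the commit and deserves a line in the message, plus a short comment here such as `/* verify the peer chain against ca_path; handshake fails if ca_path is unusable */`. Whether `transaction->ca_path` can be NULL or empty at this point is not visible in the hunk and should be confirmed, since the `DBG("%s")` and the handshake both depend on it. The context line above the `else` still passes a plain `0` for `CURLOPT_SSL_VERIFYHOST`, while curl reads a `long` for this option; `0L` would match the corrected lines. `_transaction_submit` starts and continues outside this hunk.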
@@ -447,7 +446,9 @@ int _transaction_submit(gpointer user_data)
 
        /* Setup for PUT method */
        if (transaction->upload_event) {
-               _open_upload_file(transaction);
+               if (_open_upload_file(transaction) != HTTP_ERROR_NONE)
+                       return CURLM_INTERNAL_ERROR;
+
                curl_easy_setopt(transaction->easy_handle, CURLOPT_UPLOAD, 1L);
                curl_easy_setopt(transaction->easy_handle, CURLOPT_READFUNCTION, __handle_upload_cb);
                curl_easy_setopt(transaction->easy_handle, CURLOPT_READDATA, transaction);
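Review bot: The early `return CURLM_INTERNAL_ERROR;` mixes error domains: `_open_upload_file` reports `HTTP_ERROR_*`, and `_transaction_submit(gpointer user_data)` has the shape of a GLib source callback. If it is registered as one (not visible here), any non-zero return would ask the main loop to call it again instead of signalling failure. Check what the other return paths of this function return and use the same convention. Anything configured earlier in the function is also left as-is on this path, so confirm the caller tears the transaction down when submit fails. A comment on the return, e.g. `/* upload file could not be opened; abort submit */`, would help. The function starts and continues outside this hunk.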
index 2142663..f86564d 100644 (file)
@@ -284,8 +284,10 @@ int test_multiple_get(void)
        printf("Input count of transactions(1~10): ");
        ret = scanf("%d", &count);
 
-       if (count > 10)
-               count = 10;
+       if (count < 0 || count > 10) {
+               printf("Invalid input!\n");
+               return 0;
+       }
 
        for (i = 0; i < count; i++) {
                char uri[1024];
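Review bot: `ret` from `scanf("%d", &count)` is stored but not tested before the new range check. On non-numeric input or EOF, `count` keeps whatever value it had, and its initialisation is outside this hunk, so it may be indeterminate. The loop bound is therefore only validated when the read succeeded. Folding the result into the guard covers it: `if (ret != 1 || count < 0 || count > 10) {`. The prompt advertises `1~10` while `0` is accepted; that is harmless, but `count < 1` would match the prompt. `test_multiple_get` starts and continues outside this hunk.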