e_comp: added buffer size check code to avoid buffer overflow when socket init

author Gwanglim Lee <gl77.lee@samsung.com>

Thu, 14 Dec 2017 02:40:46 +0000 (11:40 +0900)

committer Gwanglim Lee <gl77.lee@samsung.com>

Thu, 14 Dec 2017 02:40:46 +0000 (11:40 +0900)
author Gwanglim Lee <gl77.lee@samsung.com>
Thu, 14 Dec 2017 02:40:46 +0000 (11:40 +0900)
committer Gwanglim Lee <gl77.lee@samsung.com>
Thu, 14 Dec 2017 02:40:46 +0000 (11:40 +0900)
diff --git a/src/bin/e_comp.c b/src/bin/e_comp.c

index 3dda3468579038136f2fd5ddfc36681da88ffa80..e874e0d252d720970feff917bb742d59038f5b70 100644 (file)
--- a/src/bin/e_comp.c
+++ b/src/bin/e_comp.c
@@ -1117,8 +1117,9 @@ e_comp_socket_init(const char *name)
     int res;
     E_Config_Socket_Access *sa = NULL;
     Eina_List *l = NULL;
+   int l_dir, l_name;
  #undef STRERR_BUFSIZE
-#define STRERR_BUFSIZE 128
+#define STRERR_BUFSIZE 1024
     char buf[STRERR_BUFSIZE];
  
     if (!name) return EINA_FALSE;
@@ -1126,6 +1127,18 @@ e_comp_socket_init(const char *name)
     dir = e_util_env_get("XDG_RUNTIME_DIR");
     if (!dir) return EINA_FALSE;
  
+   /* check whether buffer size is less than concatenated string which
+    * is made of XDG_RUNTIME_DIR, '/', socket name and NULL.
+    */
+   l_dir = strlen(dir);
+   l_name = strlen(name);
+   if ((l_dir + l_name + 2) > STRERR_BUFSIZE)
+     {
+        ERR("Size of buffer is not enough. dir:%s name:%s",
+            dir, name);
+        return EINA_FALSE;
+     }
+
     snprintf(socket_path, sizeof(socket_path), "%s/%s", dir, name);
     free(dir);
author	Gwanglim Lee <gl77.lee@samsung.com>
	Thu, 14 Dec 2017 02:40:46 +0000 (11:40 +0900)
committer	Gwanglim Lee <gl77.lee@samsung.com>
	Thu, 14 Dec 2017 02:40:46 +0000 (11:40 +0900)