Fixed memory initialization & NULL free issue.

author Varinder Pratap <varinder.p@samsung.com>

Mon, 23 Sep 2024 06:32:17 +0000 (12:02 +0530)

committer Varinder Pratap Singh <varinder.p@samsung.com>

Wed, 25 Sep 2024 10:06:53 +0000 (10:06 +0000)
author Varinder Pratap <varinder.p@samsung.com>
Mon, 23 Sep 2024 06:32:17 +0000 (12:02 +0530)
committer Varinder Pratap Singh <varinder.p@samsung.com>
Wed, 25 Sep 2024 10:06:53 +0000 (10:06 +0000)
diff --git a/src/sdb.c b/src/sdb.c

index 7b33f8a843b34071576dad0b65daf425a0e204c7..e078d0eca367a60db60b95b1e43676d36a0dbf34 100755 (executable)
--- a/src/sdb.c
+++ b/src/sdb.c
@@ -380,11 +380,9 @@ apacket *get_apacket(void)
  {
      apacket *p = malloc(sizeof(apacket));
      if(p == 0) {
-        // free only being done to resolve SVACE issue.
-        free(p) ;
          fatal("failed to allocate an apacket");
      }
-    memset(p, 0, sizeof(apacket) - MAX_PAYLOAD);
+    memset(p, 0, sizeof(apacket));
      return p;
  }
  
@@ -650,8 +648,13 @@ static void send_connect(atransport *t)
      if (extcmd != NULL) {
          char extbuf[BUF_SIZE] = {0,};
          snprintf(extbuf, sizeof extbuf, "::%s", extcmd);
-        strncat((char*) cp->data, extbuf, sizeof(cp->data) - strlen((const char*)cp->data)- 1);
+        if ((strlen((const char*)cp->data) + strlen(extbuf) + 1) <= sizeof(cp->data)) {
+           strncat((char*) cp->data, extbuf, sizeof(cp->data) - strlen((const char*)cp->data)- 1);
+        } else {
+            E("Buffer overflow detected while concatenating extcmd\n");
+        }
      }
+
      cp->msg.data_length = strlen((char*) cp->data) + 1;
      D("CNXN data: %s\n", (char*)cp->data);
author	Varinder Pratap <varinder.p@samsung.com>
	Mon, 23 Sep 2024 06:32:17 +0000 (12:02 +0530)
committer	Varinder Pratap Singh <varinder.p@samsung.com>
	Wed, 25 Sep 2024 10:06:53 +0000 (10:06 +0000)