Fix invalid memory read bug

Fixed a bug that tries to memcpy(read) 4*4bytes(AF_INET6) even
when the ai_family is AF_INET(4bytes).

Change-Id: I7570b40396d62c3c508cf5a290c97ff8403ee396
Signed-off-by: Youmin Ha <youmin.ha@samsung.com>

diff --git a/src/common/tlm-utils.c b/src/common/tlm-utils.c
index 7ddc22ad1813884171409bd04f3b39622ce79d39..d2a957ed8d62d73817ff21c8bb7ec7c713d53147 100644 (file)
--- a/src/common/tlm-utils.c
+++ b/src/common/tlm-utils.c
@@ -182,14 +182,14 @@ _get_tty_id (
     return id;
 }
 
-static gchar *
+static size_t
 _get_host_address (
-        const gchar *hostname)
+        const gchar *hostname, gchar** hostaddress)
 {
-    gchar *hostaddress = NULL;
     struct addrinfo hints, *info = NULL;
+    size_t sz_hostaddress = 0;
 
-    if (!hostname) return NULL;
+    if (!hostname) return 0;
 
     memset (&hints, 0, sizeof (hints));
     hints.ai_flags = AI_ADDRCONFIG;
@@ -198,18 +198,19 @@ _get_host_address (
         if (info) {
             if (info->ai_family == AF_INET) {
                 struct sockaddr_in *sa = (struct sockaddr_in *) info->ai_addr;
-                hostaddress = g_malloc0 (sizeof(struct in_addr));
-                memcpy (hostaddress, &(sa->sin_addr), sizeof (struct in_addr));
+                sz_hostaddress = sizeof(struct in_addr);
+                *hostaddress = g_malloc0 (sz_hostaddress);
+                memcpy (*hostaddress, &(sa->sin_addr), sz_hostaddress);
             } else if (info->ai_family == AF_INET6) {
                 struct sockaddr_in6 *sa = (struct sockaddr_in6 *) info->ai_addr;
-                hostaddress = g_malloc0 (sizeof(struct in6_addr));
-                memcpy (hostaddress, &(sa->sin6_addr),
-                        sizeof (struct in6_addr));
+                sz_hostaddress = sizeof(struct in6_addr);
+                *hostaddress = g_malloc0 (sz_hostaddress);
+                memcpy (*hostaddress, &(sa->sin6_addr), sz_hostaddress);
             }
             freeaddrinfo (info);
         }
     }
-    return hostaddress;
+    return sz_hostaddress;
 }
 
 static gboolean
@@ -254,13 +255,14 @@ tlm_utils_log_utmp_entry (const gchar *username)
     struct utmp ut_ent;
     struct utmp *ut_tmp = NULL;
     gchar *hostname = NULL, *hostaddress = NULL;
+    size_t sz_hostaddress;
     const gchar *tty_name = NULL;
     gchar *tty_no_dev_name = NULL, *tty_id = NULL;
 
     DBG ("Log session entry to utmp/wtmp");
 
     hostname = _get_host_name ();
-    hostaddress = _get_host_address (hostname);
+    sz_hostaddress = _get_host_address (hostname, &hostaddress);
     tty_name = ttyname (0);
     if (tty_name) {
         tty_no_dev_name = g_strdup (strncmp(tty_name, "/dev/", 5) == 0 ?
@@ -295,7 +297,7 @@ tlm_utils_log_utmp_entry (const gchar *username)
     if (hostname)
         strncpy (ut_ent.ut_host, hostname, sizeof (ut_ent.ut_host));
     if (hostaddress)
-        memcpy (&ut_ent.ut_addr_v6, hostaddress, sizeof (ut_ent.ut_addr_v6));
+        memcpy (&ut_ent.ut_addr_v6, hostaddress, sz_hostaddress);
 
     ut_ent.ut_session = getsid (0);
     gettimeofday (&tv, NULL);

diff --git a/src/daemon/tlm-manager.c b/src/daemon/tlm-manager.c
index a644534f3a343628b57a78581060102dceab5806..d1f73bde7f937840dd6f7da6deb20fdfc84c5ac8 100644 (file)
--- a/src/daemon/tlm-manager.c
+++ b/src/daemon/tlm-manager.c
@@ -281,7 +281,7 @@ _load_plugin_file (const gchar *file_path,
         return NULL;
     }
 
-    gchar* get_type_func = g_strdup_printf("tlm_%s_plugin_%s_get_type", 
+    gchar* get_type_func = g_strdup_printf("tlm_%s_plugin_%s_get_type",
                                            plugin_type,
                                            plugin_name);
     gpointer p;
@@ -413,7 +413,7 @@ tlm_manager_init (TlmManager *manager)
 {
     GError *error = NULL;
     TlmManagerPrivate *priv = TLM_MANAGER_PRIV (manager);
-    
+
     priv->config = tlm_config_new ();
     priv->connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, NULL, &error);
     if (!priv->connection) {