misc: avoid potential buffer overflows

Change-Id: I9c0c8c389cb502719d531a8495f4e35539606ffa
Signed-off-by: Munkyu Im <munkyu.im@samsung.com>
(cherry picked from commit 31061870b2693168025f6d6717c1ea8e8ae8c3e6)

diff --git a/src/default_plugin_appcmd.c b/src/default_plugin_appcmd.c
index 643fb778a963361a14b27617145b0941bae4f8c7..62a0217ca3829ba60f180a0cd7bfacf47d81eed2 100644 (file)
--- a/src/default_plugin_appcmd.c
+++ b/src/default_plugin_appcmd.c
@@ -300,7 +300,7 @@ static void appcmd_receiver_debugwebapp(int fd_in, int fd_out)
 
         D("debug webapp output : %s\n", buf);
         sub_str = strstr(buf, "port: ");
-        if (sub_str != NULL && sscanf(sub_str, "port: %s", port_str) == 1) {
+        if (sub_str != NULL && sscanf(sub_str, "port: %31s", port_str) == 1) {
             snprintf(out_buf, sizeof(out_buf), "\n%s:%s\n", MESSAGE_PREFIX_APPCMD_RETURN, port_str);
             writex(fd_out, out_buf, strlen(out_buf)+1);
             break;
@@ -411,13 +411,13 @@ static void appcmd_receiver_appinfo(int fd_in, int fd_out)
 
         if (!strncmp(buf, "Appid: ", 7)) {
             memset(appid, 0, sizeof(appid));
-            sscanf(buf, "Appid: %s", appid);
+            sscanf(buf, "Appid: %127s", appid);
 
             snprintf(out_buf+out_ptr, sizeof(out_buf)-out_ptr, ":%s", appid);
             out_ptr += strlen(appid)+1;
         } else if (!strncmp(buf, "Apptype: ", 9)) {
             memset(apptype, 0, sizeof(apptype));
-            sscanf(buf, "Apptype: %s", apptype);
+            sscanf(buf, "Apptype: %127s", apptype);
 
             snprintf(out_buf+out_ptr, sizeof(out_buf)-out_ptr, ":%s", apptype);
             out_ptr += strlen(apptype)+1;