Prevent buffer overflow of signal agent

author Sangyoon Jang <jeremy.jang@samsung.com>

Fri, 13 Jul 2018 07:21:27 +0000 (16:21 +0900)

committer Sangyoon Jang <jeremy.jang@samsung.com>

Fri, 13 Jul 2018 11:43:10 +0000 (11:43 +0000)
author Sangyoon Jang <jeremy.jang@samsung.com>
Fri, 13 Jul 2018 07:21:27 +0000 (16:21 +0900)
committer Sangyoon Jang <jeremy.jang@samsung.com>
Fri, 13 Jul 2018 11:43:10 +0000 (11:43 +0000)
diff --git a/installer/pkgmgr_installer_signal_agent.c b/installer/pkgmgr_installer_signal_agent.c

index 9d5ebd9..2e1b46c 100644 (file)
--- a/installer/pkgmgr_installer_signal_agent.c
+++ b/installer/pkgmgr_installer_signal_agent.c
@@ -225,6 +225,12 @@ static gboolean __handle_signal(gint fd, GIOCondition cond, gpointer user_data)
         memcpy(&type_len, buf, sizeof(size_t));
         memcpy(&data_len, buf + sizeof(size_t), sizeof(gsize));
  
+       if ((type_len + data_len) > BUFMAX) {
+               LOGE("received size is too large: %zu %zd", type_len, data_len);
+               close(clifd);
+               return FALSE;
+       }
+
         r = recv(clifd, buf, type_len + data_len, 0);
         if (r < 0) {
                 LOGE("recv failed: %d", errno);
author	Sangyoon Jang <jeremy.jang@samsung.com>
	Fri, 13 Jul 2018 07:21:27 +0000 (16:21 +0900)
committer	Sangyoon Jang <jeremy.jang@samsung.com>
	Fri, 13 Jul 2018 11:43:10 +0000 (11:43 +0000)