Fix TAINTED_INT.LOOP by validating child pid values

Change-Id: Idd4238f125fb04991c7babe220a121943f3c07ea
Signed-off-by: Juyeon Lee <juyeonne.lee@samsung.com>

diff --git a/manager/helper/helper-cgroup.c b/manager/helper/helper-cgroup.c
index 7793fb16a18d9adde682dcd1afb3312228042249..7f84526ae6d171d0c8565d577d42d4003ef7dcfc 100644 (file)
--- a/manager/helper/helper-cgroup.c
+++ b/manager/helper/helper-cgroup.c
@@ -43,6 +43,24 @@ static int cgroup_create(const char *cgroup_full_path)
        return 0;
 }
 
+static int
+string_to_number(const char *s, unsigned int min, unsigned int max,
+                unsigned int *ret)
+{
+       long number;
+       char *end;
+
+       errno = 0;
+       number = strtol(s, &end, 0);
+       if (*end == '\0' && end != s) {
+               if (errno != ERANGE && min <= number && number <= max) {
+                       *ret = number;
+                       return 0;
+               }
+       }
+       return -1;
+}
+
 /*
  * @desc place pid to cgroup.procs file
  * @return 0 in case of success, errno value in case of failure
@@ -83,6 +101,7 @@ stc_error_e cgroup_write_pidtree(const char *cgroup_subsystem,
        char child_buf[21 + MAX_DEC_SIZE(int) + MAX_DEC_SIZE(int) + 1];
        char pidbuf[MAX_DEC_SIZE(int)];
        stc_error_e ret;
+       unsigned int child_pid;
 
        FILE *f;
 
@@ -98,8 +117,7 @@ stc_error_e cgroup_write_pidtree(const char *cgroup_subsystem,
        f = fopen(child_buf, "r");
        ret_value_msg_if(!f, STC_ERROR_FAIL, "Failed to get child pids!");
        while (fgets(pidbuf, sizeof(pidbuf), f) != NULL) {
-               int child_pid = atoi(pidbuf);
-               if (child_pid < 0) {
+               if (string_to_number(pidbuf, INT_MIN, INT_MAX, &child_pid) != 0) {
                        STC_LOGE("Invalid child pid!");
                        fclose(f);
                        return STC_ERROR_FAIL;