update-manager: Fix finding checksum for a file

The read_checksum_for() function reads checksum file and finds a
checksum for the given file name.
Checksum file is consisted with multiple lines, which contains checksum
data and following file name like below:
    <checksum>  <filename>

Previously, the file name is compared with first n bytes, which n is the
length of file name searching for. (without following '\0')
This may lead to faulty match of file name, below is an example:
	file name in checksum file: "abcd.efg.hi"
	file name searching for: "abcd.efg"
With this condition, the previous code compares only 8 characters, which
is the length of "abcd.efg" so the program considers it as matched.

To fix this situation, checksum and file name are gained using strtok_r
function with delimiter " \n" so the file name can be compared as a
whole.

Change-Id: Iaa14ce35f14b69b613881e375666adc3e5de739d
Signed-off-by: SangYoun Kwak <sy.kwak@samsung.com>

diff --git a/update-manager/common/common-util.c b/update-manager/common/common-util.c
index f584398ca27d63b4f4e924f96237bf2ea18d121f..20a911d1712161dab828c83d644714937e6a11b3 100644 (file)
--- a/update-manager/common/common-util.c
+++ b/update-manager/common/common-util.c
@@ -104,7 +104,8 @@ int util_file_write_line(const char *path, const char *msg)
 static int read_checksum_for(const char *checksum_path, const char *file_name, char *sha1_hex, size_t sha1_hex_len)
 {
        int result = -1;
-       if (sha1_hex_len != (2 * SHA1_LEN + 1)) {
+
+       if (sha1_hex_len < (2 * SHA1_LEN + 1)) {
                _CLOGE("Checksum buffer too small");
                return result;
        }
@@ -116,23 +117,29 @@ static int read_checksum_for(const char *checksum_path, const char *file_name, c
        }
 
        char *line = NULL;
-       size_t line_len;
+       size_t line_len = 0;
 
        while (getline(&line, &line_len, checksum_fp) != -1) {
-               char *file = rindex(line, ' ');
-               if (!file || ! ++file)
+               char *saveptr = NULL;
+               char *checksum = NULL;
+               char *checksum_fname = NULL;
+
+               checksum = strtok_r(line, " \n", &saveptr);
+
+               if (checksum == NULL)
                        continue;
 
-               if (strncmp(file, file_name, strlen(file_name)) == 0) {
-                       char *saveptr;
-                       char *checksum = strtok_r(line, " ", &saveptr);
-                       if (!checksum)
-                               continue;
+               if (strlen(checksum) != (2 * SHA1_LEN))
+                       continue;
+
+               checksum_fname = strtok_r(NULL, " \n", &saveptr);
 
-                       if (strlen(checksum) != 2 * SHA1_LEN)
-                               continue; // the read checksum has an inappropriate size
+               if (checksum_fname == NULL)
+                       continue;
 
-                       strncpy(sha1_hex, checksum, sha1_hex_len);
+               if (strncmp(checksum_fname, file_name, strlen(file_name) + 1) == 0) {
+                       strncpy(sha1_hex, checksum, sha1_hex_len - 1);
+                       sha1_hex[sha1_hex_len - 1] = '\0';
                        result = 0;
                        break;
                }