Fix heap buf overflow

author Jooseok Song <seogii.song@samsung.com>

Wed, 7 Jun 2017 06:11:05 +0000 (15:11 +0900)

committer Jooseok Song <seogii.song@samsung.com>

Wed, 7 Jun 2017 06:11:05 +0000 (15:11 +0900)
author Jooseok Song <seogii.song@samsung.com>
Wed, 7 Jun 2017 06:11:05 +0000 (15:11 +0900)
committer Jooseok Song <seogii.song@samsung.com>
Wed, 7 Jun 2017 06:11:05 +0000 (15:11 +0900)
diff --git a/common/src/account_key_handler.c b/common/src/account_key_handler.c

index d94d6d0c9a6570d71f3f7bff8e851fa70ee1e1a7..8548a1743acab71145e616dfd78466677b8d6a79 100644 (file)
--- a/common/src/account_key_handler.c
+++ b/common/src/account_key_handler.c
@@ -178,7 +178,8 @@ static int _get_app_dek(char *mkey, const char *pkg_id, unsigned char **dek, int
                 return CKMC_ERROR_OUT_OF_MEMORY;
         }
  
-       memcpy(*dek, dek_buffer->data, (*dek_len)+1);
+       memset(*dek, 0, (*dek_len)+1);
+       memcpy(*dek, dek_buffer->data, (*dek_len));
         _ACCOUNT_FREE(dek_buffer->data);
         ckmc_buffer_free(dek_buffer);
  
diff --git a/packaging/account-common.spec b/packaging/account-common.spec

index 68f4bd5a5aadc9fcd2147d8267fee242984d3189..4e4bed73ea6258bb26fcffe5f640aba4609ce3a4 100644 (file)
--- a/packaging/account-common.spec
+++ b/packaging/account-common.spec
@@ -1,6 +1,6 @@
  Name:       account-common
  Summary:    Account common library
-Version:    0.1.11
+Version:    0.1.12
  Release:    1
  Group:      Social & Content/API
  License:    Apache-2.0
author	Jooseok Song <seogii.song@samsung.com>
	Wed, 7 Jun 2017 06:11:05 +0000 (15:11 +0900)
committer	Jooseok Song <seogii.song@samsung.com>
	Wed, 7 Jun 2017 06:11:05 +0000 (15:11 +0900)
common/src/account_key_handler.c		patch \| blob \| history
packaging/account-common.spec		patch \| blob \| history