memory : don't clear logs when the directory path is too long

Change-Id: Iabed7123bdf03cabc381ed16f0a0b983fb627090
Signed-off-by: Kichan Kwon <k_c.kwon@samsung.com>

diff --git a/src/memory/vmpressure-lowmem-handler.c b/src/memory/vmpressure-lowmem-handler.c
index 0d4bc5bd561caba33475fb28f055ab5fce79705c..2f0ea4975253b99ddf239111747fd55ff9f061f5 100644 (file)
--- a/src/memory/vmpressure-lowmem-handler.c
+++ b/src/memory/vmpressure-lowmem-handler.c
@@ -410,7 +410,17 @@ int clear_logs(void *data)
        char fpath[BUF_MAX];
        char *fname;
        char *dir = (char*)data;
-       char len = strlen(dir);
+       int len = strlen(dir);
+
+       if (!dir || len <= 0) {
+               _E("Invalid parameter");
+               return RESOURCED_ERROR_INVALID_PARAMETER;
+       }
+
+       if (len >= BUF_MAX - 1) {
+               _E("Directory path is too long");
+               return RESOURCED_ERROR_FAIL;
+       }
 
        n = scandir(dir, &namelist, memps_file_select, alphasort);
        _D("num of log files %d", n);
@@ -421,14 +431,16 @@ int clear_logs(void *data)
                return RESOURCED_ERROR_NONE;
        }
 
-       strncpy(fpath, dir, BUF_MAX);
+       strncpy(fpath, dir, len);
        fname = fpath + len;
        *fname++ = '/';
 
-       len = BUF_MAX - len - 2;
+       len = BUF_MAX - len - 1;
        for (i = 0; i < n; i++) {
                if (i < NUM_RM_LOGS) {
-                       strncpy(fname, namelist[i]->d_name, len);
+                       if (strlen(namelist[i]->d_name) > len - 1)
+                               continue;
+                       strncpy(fname, namelist[i]->d_name, len - 1);
                        fpath[BUF_MAX - 1] = '\0';
                        _D("remove log file %s", fpath);
                        ret = remove(fpath);