Add to verify the size of receive buffer 64/185064/3 accepted/tizen/unified/20180802.134913 submit/tizen/20180730.020459
authorYoungHun Kim <yh8004.kim@samsung.com>
Thu, 26 Jul 2018 00:37:49 +0000 (09:37 +0900)
committerYoungHun Kim <yh8004.kim@samsung.com>
Thu, 26 Jul 2018 03:25:55 +0000 (12:25 +0900)
Change-Id: I2fea4c0bb647385e2f5ed0e6783042b424cc07dd

core/src/muse_core.c
packaging/mused.spec
server/src/muse_server_connection.c

index fbf823d83348973c1456eab7a2d8cdc519fdd2ec..0dd0a814bffed495d73a5a98623207c63d9c70fd 100644 (file)
@@ -398,6 +398,7 @@ int muse_core_msg_recv(int sock_fd, char *msg)
 int muse_core_msg_recv_fd(int sock_fd, char *buf, int *out_fd)
 {
        int ret = 0;
+       int buf_len = 0;
        int pid;
        struct cmsghdr *cptr;
        struct msghdr msg;
@@ -417,6 +418,14 @@ int muse_core_msg_recv_fd(int sock_fd, char *buf, int *out_fd)
                return RECV_FAIL;
        }
 
+       while (!buf[buf_len] && buf_len < MUSE_MSG_MAX_LENGTH)
+               buf_len++;
+
+       if (buf_len < msg_info.size && buf_len != 0) {
+               LOGE("stack overflow caution !! [recv buf's length (%d) must be larger than msg' length (%d)", buf_len, msg_info.size);
+               return RECV_FAIL;
+       }
+
        if (msg_info.marker != MUSE_MSG_HEAD) {
                LOGE("invalid marker 0x%x", msg_info.marker);
                return RECV_FAIL;
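Review bot: The added zero-byte scan cannot establish the capacity of `buf`, so the size check that follows it is not a reliable bound on what is later written into the buffer. The loop tests `!buf[buf_len]` before `buf_len < MUSE_MSG_MAX_LENGTH`, so it reads one element past a maximum-size buffer and keeps reading outside a smaller buffer that happens to be followed by zero bytes; when the caller has not zeroed the buffer, `buf_len` stays 0 and the `buf_len != 0` clause skips the check entirely. At minimum swap the operands, `while (buf_len < MUSE_MSG_MAX_LENGTH && !buf[buf_len])`, and bound the received size independently of the buffer contents, e.g. `if (msg_info.size < 0 || msg_info.size > MUSE_MSG_MAX_LENGTH) return RECV_FAIL;` (the type of `msg_info.size` and the exact meaning of the limit are not visible here, so adjust the sign test and comparison accordingly). A dependable fix is for callers to pass the buffer capacity explicitly rather than have it inferred from the contents. The body of muse_core_msg_recv_fd starts and continues outside this hunk.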
index f6f4c86f6010e6aac6d91bfd9496c53ed69839fb..fc8553597b1a19c5d96d310310c51b0ae2b80a2e 100644 (file)
@@ -1,6 +1,6 @@
 Name:       mused
 Summary:    A multimedia daemon
-Version:    0.3.45
+Version:    0.3.46
 Release:    0
 Group:      System/Libraries
 License:    Apache-2.0
index 1a04eea01d50f7ff903adb64b59f4e766ef540ab..66a8f3eac16b5071b598ab0a7f36520cb6a5ebb9 100644 (file)
@@ -174,7 +174,7 @@ ms_event_e ms_connection_event_handler(int *state_value)
                        p_event->events = EPOLLRDHUP;
                        if (epoll_ctl(ep_fd, EPOLL_CTL_MOD, fd, p_event) == EPOLL_ERR) {
                                strerror_r(errno, err_msg, MUSE_MSG_LEN_MAX);
-                               LOGE("epoll ctl error - %s", err_msg);
+                               LOGE("epoll ctl error - %s [%d]", err_msg, errno);
                        }
 
                        event_value = MUSE_EVENT_CONNECTION_STATE_CHANGED;
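Review bot: `errno` is read for the new `[%d]` field only after `strerror_r` has run, and that call may itself change `errno`, so the logged number can differ from the one `epoll_ctl` failed with. Save it first with `int err = errno;`, then call `strerror_r(err, err_msg, MUSE_MSG_LEN_MAX);` and `LOGE("epoll ctl error - %s [%d]", err_msg, err);`. The same applies to the EPOLL_CTL_DEL branch in the next hunk. The body of ms_connection_event_handler extends outside both hunks.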
@@ -183,7 +183,7 @@ ms_event_e ms_connection_event_handler(int *state_value)
 
                        if (epoll_ctl(ep_fd, EPOLL_CTL_DEL, fd, p_event) == EPOLL_ERR) {
                                strerror_r(errno, err_msg, MUSE_MSG_LEN_MAX);
-                               LOGE("epoll ctl error - %s", err_msg);
+                               LOGE("epoll ctl error - %s [%d]", err_msg, errno);
                        }
 
                        *state_value = MUSE_CONNECTION_STATE_DISCONNECTED;