pass: pmqos: remove possible stringop-overflow 52/222052/1 accepted/tizen/unified/20200113.130640 submit/tizen/20200110.040829
authorSeung-Woo Kim <sw0312.kim@samsung.com>
Thu, 9 Jan 2020 08:36:10 +0000 (17:36 +0900)
committerSeung-Woo Kim <sw0312.kim@samsung.com>
Thu, 9 Jan 2020 08:48:33 +0000 (17:48 +0900)
When parsing and trimming the qos scenario name, a stringop-overflow
is possible. To remove the possible overflow, copy the string with
strncpy() and then cut 'Lock' or 'Unlock'. Also, remove the function
is_pmqos_locked(), which was called only once.

Change-Id: I95a4bcde662c3d8390fab0dd661c9ecc84eb407a
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
src/pass/pass-pmqos.c

index 319e4d64d65176f2fe45fdc5d22df4d649b35e86..dd96e8c2c8000fb27d822c59ebd1e25dabc8fe4b 100644 (file)
@@ -55,25 +55,6 @@ static int64_t get_time_ms(void)
        return ((int64_t) now.tv_sec * 1000 + (int64_t) now.tv_usec / 1000);
 }
 
-static enum pass_state is_pmqos_locked(char *data, char *name)
-{
-       char *unlock = NULL;
-
-       if (!data)
-               return PASS_OFF;
-
-       unlock = strstr(data, PASS_UNLOCK);
-       if (!unlock) {
-               /* Lock scenario */
-               strncpy(name, data, strlen(data) - strlen(PASS_LOCK));
-               return PASS_ON;
-       } else {
-               /* Unlock scenario */
-               strncpy(name, data, strlen(data) - strlen(PASS_UNLOCK));
-               return PASS_OFF;
-       }
-}
-
 static int find_scenario_index(struct pass_pmqos *pmqos, char *name)
 {
        int index;
@@ -107,11 +88,30 @@ static int pmqos_notifier_cb(void *data, void *user_data)
        if (pmqos->state != PASS_ON || !pmqos->scenarios)
                return 0;
 
-       /*
-        * Parse scenario name(data) whether to include 'Lock' or 'Unlock'
-        * string and divide correct scenario name.
-        */
-       locked = is_pmqos_locked(data, name);
+       if (data) {
+               /*
+                * Parse scenario name whether to include 'Lock' or 'Unlock'
+                * string and divide correct scenario name.
+                */
+               char *end;
+
+               strncpy(name, data, sizeof(name) - 1);
+               name[sizeof(name) - 1] = '\0';
+               end = strstr(name, PASS_UNLOCK);
+               if (!end) {
+                       /* Lock scenario */
+                       locked = PASS_ON;
+                       end = strstr(name, PASS_LOCK);
+               } else {
+                       /* Unlock scenario */
+                       locked = PASS_OFF;
+               }
+               if (end)
+                       *end = '\0';
+       } else {
+               locked = PASS_OFF;
+       }
+
        index = find_scenario_index(pmqos, name);
        if (index < 0) {
                _W("Unknown scenario (%s) for '%s' resource\n",
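Review bot: The two `strstr()` calls cut `name` at the first occurrence of `PASS_UNLOCK` or `PASS_LOCK` anywhere in the string, not at a trailing suffix, so a scenario name that contains either token earlier on is shortened too far and then fails the lookup in `find_scenario_index()`. The removed helper trimmed by suffix length from the end; I would keep that meaning by comparing only the tail of `name` against each token, with a length check, as in the fence below. Separately, an input longer than the buffer is silently truncated by the bounded copy, which can drop the suffix and leave `locked = PASS_ON` for what was an unlock request; rejecting over-long input before the copy would avoid that. The body of `pmqos_notifier_cb` starts and ends outside this hunk and the declaration of `name` is not visible, so `sizeof(name)` is correct only if `name` is an array rather than a pointer.

```c
	if (data) {
		/* … unchanged: bounded strncpy() into name and NUL termination … */
		size_t len = strlen(name);
		size_t unlock_len = strlen(PASS_UNLOCK);
		size_t lock_len = strlen(PASS_LOCK);

		/* No recognised suffix keeps the current default of a lock request. */
		locked = PASS_ON;
		if (len >= unlock_len &&
		    !strcmp(name + len - unlock_len, PASS_UNLOCK)) {
			/* Unlock scenario: strip the trailing token only */
			locked = PASS_OFF;
			name[len - unlock_len] = '\0';
		} else if (len >= lock_len &&
			   !strcmp(name + len - lock_len, PASS_LOCK)) {
			/* Lock scenario: strip the trailing token only */
			name[len - lock_len] = '\0';
		}
	/* … unchanged: else branch setting locked = PASS_OFF … */
```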