Use snprintf for better security 76/63176/5 accepted/tizen/common/20160324.173145 accepted/tizen/ivi/20160324.131601 accepted/tizen/mobile/20160324.132845 accepted/tizen/tv/20160324.132640 accepted/tizen/wearable/20160324.132626 submit/tizen/20160324.101535
authorMyungki Lee <mk5004.lee@samsung.com>
Thu, 24 Mar 2016 08:13:20 +0000 (17:13 +0900)
committerMyungki Lee <mk5004.lee@samsung.com>
Thu, 24 Mar 2016 08:13:20 +0000 (17:13 +0900)
Change-Id: I13aad6818f4882a48ad03329f2be724f9652cbf7
Signed-off-by: Myungki Lee <mk5004.lee@samsung.com>
inc/launchpad_common.h
src/launchpad.c
src/launchpad_lib.c

index 0cbeca14c6a97033260aa79f24b95e34bfff8b1f..546bdf0dc060fdce1235dc9782f91f7415f8c172 100644 (file)
@@ -35,6 +35,7 @@
 #define MAX_PENDING_CONNECTIONS 10
 #define MAX_LOCAL_BUFSZ 128
 #define AUL_SOCK_MAXBUFF 131071
+#define LOADER_ARG_LEN 1024
 
 #define PAD_CMD_LAUNCH         0
 #define PAD_CMD_VISIBILITY     10
index b2959cbb3b320c26f75ad0ba5d617d3fac47ae00..25ff8a6e54c67eced3e7cc4c968ccf37e07b719b 100755 (executable)
@@ -377,12 +377,17 @@ static int __prepare_candidate_process(int type, int loader_id)
        int pid;
        char type_str[2] = {0, };
        char loader_id_str[10] = {0, };
-       char *argv[] = {NULL, NULL, NULL, NULL, NULL};
+       char argbuf[LOADER_ARG_LEN];
+       char *argv[] = {NULL, NULL, NULL, NULL, NULL, NULL};
        candidate_process_context_t* cpt = __find_slot(type, loader_id);
 
        if (cpt == NULL)
                return -1;
 
+       memset(argbuf, ' ', LOADER_ARG_LEN);
+       argbuf[LOADER_ARG_LEN-1] = '\0';
+       argv[4] = argbuf;
+
        cpt->last_exec_time = time(NULL);
        pid = fork();
        if (pid == 0) { /* child */
index 4a46ce399d2d285ed51599dbf6f34c8170cc6b23..8e486a26c695b4767d25a4cfd5cb5588c352c46a 100644 (file)
@@ -227,7 +227,7 @@ static int __candidate_process_launchpad_main_loop(app_pkt_t* pkt,
 
        if (out_app_path != NULL && out_argc != NULL && out_argv != NULL) {
                memset(out_app_path, '\0', strlen(out_app_path));
-               sprintf(out_app_path, "%s", app_path);
+               snprintf(out_app_path, LOADER_ARG_LEN, "%s", app_path);
 
                *out_argv = tmp_argv;
                *out_argc = tmp_argc;