projects / platform / core / security / cert-svc.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1ba032d)
Fix misuse of sqlite3 statement 35/107135/1
authorsangwan.kwon <sangwan.kwon@samsung.com>
Mon, 26 Dec 2016 08:30:13 +0000 (17:30 +0900)
committersangwan kwon <sangwan.kwon@samsung.com>
Tue, 27 Dec 2016 01:35:37 +0000 (17:35 -0800)
* Query and Statement should be free after use.
* Freed statement's column shouldn't be used.

Change-Id: Ia372ff00ea28c324c8719c01c3634d20570f6169
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
(cherry picked from commit 2c45e4cf1d2fb697a39b01d1998a5100663930c9)

src/server/src/cert-server-logic.c patch | blob | history

diff --git a/src/server/src/cert-server-logic.c b/src/server/src/cert-server-logic.c
index 970239b..bbd0c03 100644 (file)
--- a/src/server/src/cert-server-logic.c
+++ b/src/server/src/cert-server-logic.c
@@ -939,12 +939,12 @@ int getCertificateDetailFromStore(
        char *ckm_alias = add_shared_owner_prefix(gname);
        if (!ckm_alias) {
                SLOGE("Failed to make alias. memory allocation error.");
+               sqlite3_finalize(stmt);
                return CERTSVC_BAD_ALLOC;
        }
 
        result = ckmc_get_data(ckm_alias, NULL, &cert_data);
        free(ckm_alias);
-
        sqlite3_finalize(stmt);
 
        if (result != CKMC_ERROR_NONE) {
@@ -996,7 +996,6 @@ int getCertificateDetailFromSystemStore(const char *gname, char *pOutData)
        }
 
        text = (const char *)sqlite3_column_text(stmt, 0);
-
        if (!text) {
                SLOGE("Fail to sqlite3_column_text");
                sqlite3_finalize(stmt);
@@ -1452,6 +1451,7 @@ int loadCertificatesFromStore(
        sqlite3_stmt *stmt = NULL;
        char **certs = NULL;
        size_t gnameSize = 0;
+       char *columnText = NULL;
 
        /* Get associated_gname from store */
        char *query = sqlite3_mprintf("select associated_gname from %Q "
@@ -1471,9 +1471,9 @@ int loadCertificatesFromStore(
                goto error;
        }
 
-       const char *columnText = (const char *)sqlite3_column_text(stmt, 0);
+       columnText = strdup((const char *)sqlite3_column_text(stmt, 0));
        if (!columnText) {
-               SLOGE("Failed to sqlite3_column_text");
+               SLOGE("Failed to get associated_gname.");
                result = CERTSVC_FAIL;
                goto error;
        }
@@ -1572,6 +1572,9 @@ error:
        if (stmt)
                sqlite3_finalize(stmt);
 
+       if (columnText)
+               free(columnText);
+
        if (certs) {
                for(i = 0; i < gnameSize; i++)
                        free(certs[i]);
Domain: Security / Authentication;