Bug fix. insecure strncmp

 - fix svace issue (LIB.INSECURE_STRNCMP)

The problem that such using checks only prefix of string because null-terminator is not checked.
It may be source of vulnarability when using for compariso passwords.
Correct pattern should use strlen(arg) + 1.

Change-Id: I3fd5a9e785e5f87a53b23909ddc01963dbd8916d

diff --git a/packaging/capi-media-controller.spec b/packaging/capi-media-controller.spec
index 6f959380160afb86fab712f03801dffb1be6a0fd..905800db73b262eda4d62e98743124992e339957 100644 (file)
--- a/packaging/capi-media-controller.spec
+++ b/packaging/capi-media-controller.spec
@@ -1,6 +1,6 @@
 Name:       capi-media-controller
 Summary:    A media controller library in Tizen Native API
-Version:    1.0.4
+Version:    1.0.5
 Release:    0
 Group:      Multimedia/API
 License:    Apache-2.0
@@ -75,7 +75,7 @@ export LDFLAGS+=" -lgcov"
 %endif
 
 MAJORVER=`echo %{version} | awk 'BEGIN {FS="."}{print $1}'`
-SO_FULLVER=0.3.1
+SO_FULLVER=0.3.2
 SO_MAJORVER=`echo ${SO_FULLVER} | awk 'BEGIN {FS="."}{print $1}'`
 %cmake . -DFULLVER=%{version} -DMAJORVER=${MAJORVER} -DSO_FULLVER=${SO_FULLVER} -DSO_MAJORVER=${SO_MAJORVER} \
 %if %{on_demand}

diff --git a/src/media_controller_metadata.c b/src/media_controller_metadata.c
index 8d5ff601a9c908b091510419e44bc48d72747d4e..221cb570d084bc1cdc0924bcfe1e1fa485109e06 100644 (file)
--- a/src/media_controller_metadata.c
+++ b/src/media_controller_metadata.c
@@ -528,8 +528,8 @@ int _parse_encoded_meta(mc_meta_e attribute, const char *encoded_meta, int *int_
 
        mc_secure_debug("[%d] [%s] [%s] [%s]", attribute, params[0], params[1], params[2]);
 
-       if (((attribute == MC_META_MEDIA_SEASON) && (strncmp(params[0], KEY_SEASON, strlen(KEY_SEASON)) == 0))
-               || ((attribute == MC_META_MEDIA_EPISODE) && (strncmp(params[0], KEY_EPISODE, strlen(KEY_EPISODE)) == 0))) {
+       if (((attribute == MC_META_MEDIA_SEASON) && (strncmp(params[0], KEY_SEASON, strlen(KEY_SEASON) + 1) == 0))
+               || ((attribute == MC_META_MEDIA_EPISODE) && (strncmp(params[0], KEY_EPISODE, strlen(KEY_EPISODE) + 1) == 0))) {
 
                ret = mc_safe_strtoi(params[1], &_int_val_1);
                if (ret == MEDIA_CONTROLLER_ERROR_NONE) {

diff --git a/src/media_controller_server.c b/src/media_controller_server.c
index e5cc2153101686423c69703f0368815fca7a539e..12871a627ac48d67788fd78e17c419f1f46ef65f 100644 (file)
--- a/src/media_controller_server.c
+++ b/src/media_controller_server.c
@@ -475,12 +475,12 @@ static void __server_enable_cmd_cb(const char *interface_name, const char *signa
        params = g_strsplit(message, MC_STRING_DELIMITER, 0);
        mc_retm_if_failed(params);
 
-       if (!strncmp(signal_name, MC_DBUS_SIGNAL_NAME_SUBTITLES, strlen(MC_DBUS_SIGNAL_NAME_SUBTITLES))) {
+       if (!strncmp(signal_name, MC_DBUS_SIGNAL_NAME_SUBTITLES, strlen(MC_DBUS_SIGNAL_NAME_SUBTITLES) + 1)) {
                if (_mc_util_get_command_available(MC_PRIV_TYPE_SERVER, params[0], MC_COMMAND_SUBTITLES, NULL) != MEDIA_CONTROLLER_ERROR_NONE) {
                        mc_error("Error permission denied for subtitles");
                        return;
                }
-       } else if (!strncmp(signal_name, MC_DBUS_SIGNAL_NAME_360, strlen(MC_DBUS_SIGNAL_NAME_360))) {
+       } else if (!strncmp(signal_name, MC_DBUS_SIGNAL_NAME_360, strlen(MC_DBUS_SIGNAL_NAME_360) + 1)) {
                if (_mc_util_get_command_available(MC_PRIV_TYPE_SERVER, params[0], MC_COMMAND_360, NULL) != MEDIA_CONTROLLER_ERROR_NONE) {
                        mc_error("Error permission denied for 360");
                        return;

diff --git a/src/media_controller_util.c b/src/media_controller_util.c
index 6dc32cb5c0ca8fed7edb042cebff61caaafc2f94..c441c1d77e310b67fea274099d306f1bf72dab7b 100644 (file)
--- a/src/media_controller_util.c
+++ b/src/media_controller_util.c
@@ -249,7 +249,7 @@ const char * _mc_util_replace_null(const char *data)
        const char *_null_str = "(null)";
        mc_retvm_if(!data, NULL, "invalid data");
 
-       if (!strncmp(_null_str, data, strlen(_null_str)))
+       if (!strncmp(_null_str, data, strlen(_null_str) + 1))
                return NULL;
        else
                return data;

diff --git a/svc/media_controller_db_util.c b/svc/media_controller_db_util.c
index 9ffdd74709cc11b53b68612f88d1a95b2b0b4d8c..35da3342630fa72ce1953993efcb6500bc200dc5 100644 (file)
--- a/svc/media_controller_db_util.c
+++ b/svc/media_controller_db_util.c
@@ -537,7 +537,7 @@ static const char * __replace_null(const char *data)
        const char *_null_str = "(null)";
        mc_retvm_if(!data, NULL, "invalid data");
 
-       if (!strncmp(_null_str, data, strlen(_null_str)))
+       if (!strncmp(_null_str, data, strlen(_null_str) + 1))
                return NULL;
        else
                return data;
@@ -609,7 +609,7 @@ static int __parse_db_request(gchar **params, char **sql_str)
        mc_retvm_if((!params[0] || !params[1]),
                        MEDIA_CONTROLLER_ERROR_INVALID_OPERATION, "invalid query");
 
-       if (strncmp(MC_DB_CMD_UPDATE_PLAYBACK, params[0], strlen(MC_DB_CMD_UPDATE_PLAYBACK)) == 0) {
+       if (strncmp(MC_DB_CMD_UPDATE_PLAYBACK, params[0], strlen(MC_DB_CMD_UPDATE_PLAYBACK) + 1) == 0) {
                mc_retvm_if((!params[2] || !params[3] || !params[4] || !params[5]),
                                MEDIA_CONTROLLER_ERROR_INVALID_OPERATION, "invalid query");
 
@@ -649,28 +649,28 @@ static int __parse_db_request(gchar **params, char **sql_str)
                                __replace_null(meta_params[10]), __replace_null(meta_params[11]), __replace_null(meta_params[12]),
                                __replace_null(meta_params[13]), __replace_null(meta_params[14]));\
 
-       } else if (strncmp(MC_DB_CMD_UPDATE_SHUFFLE, params[0], strlen(MC_DB_CMD_UPDATE_SHUFFLE)) == 0) {
+       } else if (strncmp(MC_DB_CMD_UPDATE_SHUFFLE, params[0], strlen(MC_DB_CMD_UPDATE_SHUFFLE) + 1) == 0) {
                mc_retvm_if(!params[2], MEDIA_CONTROLLER_ERROR_INVALID_OPERATION, "invalid query");
 
                mc_safe_strtoi(params[2], &i_value);
                _sql_str = sqlite3_mprintf("UPDATE %q SET shuffle_mode=%d WHERE name=%Q", MC_DB_TABLE_SERVER_INFO, i_value, params[1]);
 
-       } else if (strncmp(MC_DB_CMD_UPDATE_REPEAT, params[0], strlen(MC_DB_CMD_UPDATE_REPEAT)) == 0) {
+       } else if (strncmp(MC_DB_CMD_UPDATE_REPEAT, params[0], strlen(MC_DB_CMD_UPDATE_REPEAT) + 1) == 0) {
                mc_retvm_if(!params[2], MEDIA_CONTROLLER_ERROR_INVALID_OPERATION, "invalid query");
 
                mc_safe_strtoi(params[2], &i_value);
                _sql_str = sqlite3_mprintf("UPDATE %q SET repeat_mode=%d WHERE name=%Q", MC_DB_TABLE_SERVER_INFO, i_value, params[1]);
 
-       } else if (strncmp(MC_DB_CMD_UPDATE_LATEST, params[0], strlen(MC_DB_CMD_UPDATE_LATEST)) == 0) {
+       } else if (strncmp(MC_DB_CMD_UPDATE_LATEST, params[0], strlen(MC_DB_CMD_UPDATE_LATEST) + 1) == 0) {
                _sql_str = sqlite3_mprintf("DELETE FROM %q; INSERT INTO %q VALUES ('%q');", MC_DB_TABLE_LATEST_SERVER, MC_DB_TABLE_LATEST_SERVER, params[1]);
 
 
-       } else if (strncmp(MC_DB_CMD_ADD_PLAYLIST, params[0], strlen(MC_DB_CMD_ADD_PLAYLIST)) == 0) {
+       } else if (strncmp(MC_DB_CMD_ADD_PLAYLIST, params[0], strlen(MC_DB_CMD_ADD_PLAYLIST) + 1) == 0) {
                mc_retvm_if(!params[2], MEDIA_CONTROLLER_ERROR_INVALID_OPERATION, "invalid query");
 
                _sql_str = sqlite3_mprintf("INSERT INTO %q(server_name, playlist_name) VALUES (%Q, %Q)", MC_DB_TABLE_PLAYLIST, params[1], params[2]);
 
-       } else if (strncmp(MC_DB_CMD_UPDATE_PLAYLIST, params[0], strlen(MC_DB_CMD_UPDATE_PLAYLIST)) == 0) {
+       } else if (strncmp(MC_DB_CMD_UPDATE_PLAYLIST, params[0], strlen(MC_DB_CMD_UPDATE_PLAYLIST) + 1) == 0) {
                gchar *message = NULL;
                size_t message_size = 0;
                bundle *bundle = NULL;
@@ -698,13 +698,13 @@ static int __parse_db_request(gchar **params, char **sql_str)
                playlist_query.query_list = NULL;
                mc_retvm_if(!_sql_str, MEDIA_CONTROLLER_ERROR_INVALID_OPERATION, "invalid query");
 
-       } else if (strncmp(MC_DB_CMD_UPDATE_ICON, params[0], strlen(MC_DB_CMD_UPDATE_ICON)) == 0) {
+       } else if (strncmp(MC_DB_CMD_UPDATE_ICON, params[0], strlen(MC_DB_CMD_UPDATE_ICON) + 1) == 0) {
                if (params[2])
                        _sql_str = sqlite3_mprintf("UPDATE %q SET icon_uri=%Q WHERE name=%Q", MC_DB_TABLE_SERVER_INFO, params[2], params[1]);
                else
                        _sql_str = sqlite3_mprintf("UPDATE %q SET icon_uri=NULL WHERE name=%Q", MC_DB_TABLE_SERVER_INFO, params[1]);
 
-       } else if (strncmp(MC_DB_CMD_UPDATE_ABILITY, params[0], strlen(MC_DB_CMD_UPDATE_ABILITY)) == 0) {
+       } else if (strncmp(MC_DB_CMD_UPDATE_ABILITY, params[0], strlen(MC_DB_CMD_UPDATE_ABILITY) + 1) == 0) {
                mc_retvm_if((!params[2] || !params[3]),
                                        MEDIA_CONTROLLER_ERROR_INVALID_OPERATION, "invalid query");
 
@@ -713,30 +713,30 @@ static int __parse_db_request(gchar **params, char **sql_str)
 
                _sql_str = sqlite3_mprintf("UPDATE %q SET ability_decided=%llu, ability_supported=%llu WHERE name=%Q", MC_DB_TABLE_SERVER_INFO, llu_value, llu_value2, params[1]);
 
-       } else if (strncmp(MC_DB_CMD_REMOVE_PLAYLIST, params[0], strlen(MC_DB_CMD_REMOVE_PLAYLIST)) == 0) {
+       } else if (strncmp(MC_DB_CMD_REMOVE_PLAYLIST, params[0], strlen(MC_DB_CMD_REMOVE_PLAYLIST) + 1) == 0) {
                mc_retvm_if(!params[2], MEDIA_CONTROLLER_ERROR_INVALID_OPERATION, "invalid query");
 
                _sql_str = sqlite3_mprintf("DELETE FROM %q WHERE server_name=%Q and playlist_name=%Q", MC_DB_TABLE_PLAYLIST, params[1], params[2]);
 
-       } else if (strncmp(MC_DB_CMD_UPDATE_SUBTITLES, params[0], strlen(MC_DB_CMD_UPDATE_SUBTITLES)) == 0) {
+       } else if (strncmp(MC_DB_CMD_UPDATE_SUBTITLES, params[0], strlen(MC_DB_CMD_UPDATE_SUBTITLES) + 1) == 0) {
                mc_retvm_if(!params[2], MEDIA_CONTROLLER_ERROR_INVALID_OPERATION, "invalid query");
 
                mc_safe_strtoi(params[2], &i_value);
                _sql_str = sqlite3_mprintf("UPDATE %q SET subtitles_mode=%d WHERE name=%Q", MC_DB_TABLE_SERVER_INFO, i_value, params[1]);
 
-       } else if (strncmp(MC_DB_CMD_UPDATE_DISPLAY_MODE, params[0], strlen(MC_DB_CMD_UPDATE_DISPLAY_MODE)) == 0) {
+       } else if (strncmp(MC_DB_CMD_UPDATE_DISPLAY_MODE, params[0], strlen(MC_DB_CMD_UPDATE_DISPLAY_MODE) + 1) == 0) {
                mc_retvm_if(!params[2], MEDIA_CONTROLLER_ERROR_INVALID_OPERATION, "invalid query");
 
                mc_safe_strtoi(params[2], &i_value);
                _sql_str = sqlite3_mprintf("UPDATE %q SET display_mode=%d WHERE name=%Q", MC_DB_TABLE_SERVER_INFO, i_value, params[1]);
 
-       } else if (strncmp(MC_DB_CMD_UPDATE_DISPLAY_ROTATION, params[0], strlen(MC_DB_CMD_UPDATE_DISPLAY_ROTATION)) == 0) {
+       } else if (strncmp(MC_DB_CMD_UPDATE_DISPLAY_ROTATION, params[0], strlen(MC_DB_CMD_UPDATE_DISPLAY_ROTATION) + 1) == 0) {
                mc_retvm_if(!params[2], MEDIA_CONTROLLER_ERROR_INVALID_OPERATION, "invalid query");
 
                mc_safe_strtoi(params[2], &i_value);
                _sql_str = sqlite3_mprintf("UPDATE %q SET display_rotation=%d WHERE name=%Q", MC_DB_TABLE_SERVER_INFO, i_value, params[1]);
 
-       } else if (strncmp(MC_DB_CMD_UPDATE_360, params[0], strlen(MC_DB_CMD_UPDATE_360)) == 0) {
+       } else if (strncmp(MC_DB_CMD_UPDATE_360, params[0], strlen(MC_DB_CMD_UPDATE_360) + 1) == 0) {
                mc_retvm_if(!params[2], MEDIA_CONTROLLER_ERROR_INVALID_OPERATION, "invalid query");
 
                mc_safe_strtoi(params[2], &i_value);