[Non-ACR][Preventing Secure Information Leak] 13/184013/1
authorAbhishek Vijay <abhishek.v@samsung.com>
Thu, 21 Jun 2018 08:43:34 +0000 (14:13 +0530)
committerAbhishek Vijay <abhishek.v@samsung.com>
Fri, 13 Jul 2018 04:55:39 +0000 (04:55 +0000)
Change-Id: I268cc98190b2397ade7ae0bc24f47fbf6aa3ee5d
Signed-off-by: Abhishek Vijay <abhishek.v@samsung.com>
(cherry picked from commit 5f2c0eca744734d1286ae84eb108f52311cca2ac)

common/src/account_db_helper.c

index f19b4ac932624887298ef3f1b7a2b76dd4b52180..39aa3b7d990ebc99371fb232fda75a3d8f0bae13 100644 (file)
@@ -254,7 +254,7 @@ int _account_execute_query(sqlite3 *account_db_handle, const char *query)
 
        rc = sqlite3_exec(account_db_handle, query, NULL, NULL, &pszErrorMsg);
        if (SQLITE_OK != rc) {
-               ACCOUNT_ERROR("sqlite3_exec rc(%d) query(%s) failed(%s).", rc, query, pszErrorMsg);
+               ACCOUNT_ERROR("sqlite3_exec rc(%d) failed(%s).", rc, pszErrorMsg);
                sqlite3_free(pszErrorMsg);
        }
 
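Review bot: The SQLite error text still logged on the `ACCOUNT_ERROR` line can repeat parts of the statement, so removing `query` does not fully close the leak. For syntax and schema errors SQLite builds messages of the form `near "<token>": syntax error`, which means `pszErrorMsg` may carry identifiers or literal values from `query` into the log. Logging only the result code and its static description avoids this, e.g. `ACCOUNT_ERROR("sqlite3_exec rc(%d) failed(%s).", rc, sqlite3_errstr(rc));`, keeping the `sqlite3_free(pszErrorMsg)` call. The same concern applies to `_account_db_err_msg(account_db_handle)` in the `_account_prepare_query` hunk, assuming that helper returns the connection's `sqlite3_errmsg()` text. `_account_execute_query` starts and ends outside this hunk.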
@@ -349,7 +349,7 @@ account_stmt _account_prepare_query(sqlite3 *account_db_handle, char *query)
 
        rc = sqlite3_prepare_v2(account_db_handle, query, strlen(query), &pStmt, NULL);
 
-       ACCOUNT_RETURN_VAL((SQLITE_OK == rc), {}, NULL, ("sqlite3_prepare_v2(%s) failed(%s).", query, _account_db_err_msg(account_db_handle)));
+       ACCOUNT_RETURN_VAL((SQLITE_OK == rc), {}, NULL, ("sqlite3_prepare_v2() failed(%s).", _account_db_err_msg(account_db_handle)));
 
        return pStmt;
 }
@@ -463,69 +463,71 @@ static void _account_db_data_to_text(const char *textbuf, char **output)
 
 int _account_convert_account_to_sql(account_s *account, account_stmt hstmt, char *sql_value)
 {
-       _INFO("start");
+       _INFO("_account_convert_account_to_sql start");
 
-       int count = 1;
+       int rc = -1, count = 1;
 
        /*Caution : Keep insert query orders.*/
 
        /* 1. user name*/
-       _account_query_bind_text(hstmt, count++, (char *)account->user_name);
-       _INFO("account_update_to_db_by_id_ex_p : after convert() : account_id[%d], user_name=%s", account->id, account->user_name);
+       rc = _account_query_bind_text(hstmt, count++, (char *)account->user_name);
+       ACCOUNT_RETURN_VAL((SQLITE_OK == rc), {}, rc, ("_account_query_bind_text() failed::user_name, account_id [%d]", account->id));
 
        /* 2. email address*/
-       _account_query_bind_text(hstmt, count++, (char *)account->email_address);
-       _INFO("account_update_to_db_by_id_ex_p : after convert() : account_id[%d], email_address=%s", account->id, account->email_address);
+       rc = _account_query_bind_text(hstmt, count++, (char *)account->email_address);
+       ACCOUNT_RETURN_VAL((SQLITE_OK == rc), {}, rc, ("_account_query_bind_text() failed::email_address, account_id [%d]", account->id));
 
        /* 3. display name*/
-       _account_query_bind_text(hstmt, count++, (char *)account->display_name);
-       _INFO("account_update_to_db_by_id_ex_p : after convert() : account_id[%d], display_name=%s", account->id, account->display_name);
+       rc = _account_query_bind_text(hstmt, count++, (char *)account->display_name);
+       ACCOUNT_RETURN_VAL((SQLITE_OK == rc), {}, rc, ("_account_query_bind_text() failed::display_name, account_id [%d]", account->id));
 
        /* 4. icon path*/
-       _account_query_bind_text(hstmt, count++, (char *)account->icon_path);
-       _INFO("account_update_to_db_by_id_ex_p : after convert() : account_id[%d], icon_path=%s", account->id, account->icon_path);
+       rc = _account_query_bind_text(hstmt, count++, (char *)account->icon_path);
+       ACCOUNT_RETURN_VAL((SQLITE_OK == rc), {}, rc, ("_account_query_bind_text() failed::icon_name, account_id [%d]", account->id));
 
        /* 5. source*/
-       _account_query_bind_text(hstmt, count++, (char *)account->source);
-       _INFO("account_update_to_db_by_id_ex_p : after convert() : account_id[%d], source=%s", account->id, account->source);
+       rc = _account_query_bind_text(hstmt, count++, (char *)account->source);
+       ACCOUNT_RETURN_VAL((SQLITE_OK == rc), {}, rc, ("_account_query_bind_text() failed::source, account_id [%d]", account->id));
 
        /* 6. package name*/
-       _account_query_bind_text(hstmt, count++, (char *)account->package_name);
-       _INFO("account_update_to_db_by_id_ex_p : after convert() : account_id[%d], package_name=%s", account->id, account->package_name);
+       rc = _account_query_bind_text(hstmt, count++, (char *)account->package_name);
+       ACCOUNT_RETURN_VAL((SQLITE_OK == rc), {}, rc, ("_account_query_bind_text() failed::package_name, account_id [%d]", account->id));
 
        /* 7. access token*/
-       _account_query_bind_text(hstmt, count++, (char *)account->access_token);
-       _INFO("account_update_to_db_by_id_ex_p : after convert() : account_id[%d], access_token=%s", account->id, account->access_token);
+       rc = _account_query_bind_text(hstmt, count++, (char *)account->access_token);
+       ACCOUNT_RETURN_VAL((SQLITE_OK == rc), {}, rc, ("_account_query_bind_text() failed::access_token, account_id [%d]", account->id));
 
        /* 8. domain name*/
-       _account_query_bind_text(hstmt, count++, (char *)account->domain_name);
-       _INFO("account_update_to_db_by_id_ex_p : after convert() : account_id[%d], domain_name=%s", account->id, account->domain_name);
+       rc = _account_query_bind_text(hstmt, count++, (char *)account->domain_name);
+       ACCOUNT_RETURN_VAL((SQLITE_OK == rc), {}, rc, ("_account_query_bind_text() failed::domain_name, account_id [%d]", account->id));
 
        /* 9. auth type*/
-       _account_query_bind_int(hstmt, count++, account->auth_type);
-       _INFO("account_update_to_db_by_id_ex_p : after convert() : account_id[%d], auth_type=%d", account->id, account->auth_type);
+       rc = _account_query_bind_int(hstmt, count++, account->auth_type);
+       ACCOUNT_RETURN_VAL((SQLITE_OK == rc), {}, rc, ("_account_query_bind_int() failed::auth_type, account_id [%d]", account->id));
 
        /* 10. secret */
-       _account_query_bind_int(hstmt, count++, account->secret);
-       _INFO("account_update_to_db_by_id_ex_p : after convert() : account_id[%d], secret=%d", account->id, account->secret);
+       rc = _account_query_bind_int(hstmt, count++, account->secret);
+       ACCOUNT_RETURN_VAL((SQLITE_OK == rc), {}, rc, ("_account_query_bind_int() failed::secret, account_id [%d]", account->id));
 
        /* 11. sync_support */
-       _account_query_bind_int(hstmt, count++, account->sync_support);
-       _INFO("account_update_to_db_by_id_ex_p : after convert() : account_id[%d], sync_support=%d", account->id, account->sync_support);
+       rc = _account_query_bind_int(hstmt, count++, account->sync_support);
+       ACCOUNT_RETURN_VAL((SQLITE_OK == rc), {}, rc, ("_account_query_bind_int() failed::sync_support, account_id [%d]", account->id));
 
        int i;
 
        /* 12. user text*/
-       for (i = 0; i < USER_TXT_CNT; i++)
-               _account_query_bind_text(hstmt, count++, (char *)account->user_data_txt[i]);
+       for (i = 0; i < USER_TXT_CNT; i++) {
+               rc = _account_query_bind_text(hstmt, count++, (char *)account->user_data_txt[i]);
+               ACCOUNT_RETURN_VAL((SQLITE_OK == rc), {}, rc, ("_account_query_bind_text() failed::user_data_txt, account_id [%d]", account->id));
+       }
 
        /* 13. user integer     */
        for (i = 0; i < USER_INT_CNT; i++) {
-               _account_query_bind_int(hstmt, count++, account->user_data_int[i]);
-               _INFO("convert user_data_int : marshal_user_int data_int[%d]=%d", i, account->user_data_int[i]);
+               rc = _account_query_bind_int(hstmt, count++, account->user_data_int[i]);
+               ACCOUNT_RETURN_VAL((SQLITE_OK == rc), {}, rc, ("_account_query_bind_int() failed::user_data_int, account_id [%d]", account->id));
        }
 
-       _INFO("end");
+       _INFO("_account_convert_account_to_sql end");
 
        return count;
 }
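Review bot: The new early returns in `_account_convert_account_to_sql` hand back `rc`, a SQLite result code, from a function whose success value is `count`. Both are positive integers, so a caller cannot tell a failed bind (for example 25, `SQLITE_RANGE`) from a number of bound parameters. The callers are not visible here; unless they are updated in the same change, pass a value that can never be a count (a negative number, or a project error code outside that range) as the third argument of each `ACCOUNT_RETURN_VAL`. The function's header comment should also document the failure return. Separately, the message for the icon path bind is labelled `failed::icon_name`; `failed::icon_path` would match the field being bound.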
@@ -634,7 +636,7 @@ void _account_convert_column_to_custom(account_stmt hstmt, account_custom_s *cus
 
 int _account_get_record_count(sqlite3 *account_db_handle, const char *query)
 {
-       _INFO("_account_get_record_count query=[%s]", query);
+       _INFO("_account_get_record_count() start");
 
        int rc = -1;
        int ncount = 0;
@@ -678,6 +680,7 @@ int _account_get_record_count(sqlite3 *account_db_handle, const char *query)
        _INFO("account record count [%d]", ncount);
        sqlite3_finalize(pStmt);
 
+       _INFO("_account_get_record_count() end");
        return ncount;
 }
 
@@ -1410,14 +1413,14 @@ int _account_check_duplicated(sqlite3 *account_db_handle, account_s *data, const
                if (account != NULL) {
                        if (account->user_name != NULL && data->user_name != NULL &&
                                        strcmp(account->user_name, data->user_name) == 0) {
-                               _INFO("duplicated account(s) exist!, same user_name=%s", data->user_name);
+                               _INFO("duplicated account(s) exists with same user_name");
                                return _ACCOUNT_ERROR_DUPLICATED;
                        }
                        /* when user_name is not NULL and display_name is same. */
                        if (account->user_name == NULL && data->user_name == NULL &&
                                        account->display_name != NULL && data->display_name != NULL &&
                                        strcmp(account->display_name, data->display_name) == 0) {
-                               _INFO("duplicated account(s) exist!, same display_name=%s", data->display_name);
+                               _INFO("duplicated account(s) exist with same display_name");
                                return _ACCOUNT_ERROR_DUPLICATED;
                        }
                        /* when user_name and display_name are not NULL and email_address is same. */
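Review bot: With the name values removed, the duplicate messages no longer say which stored record matched, which makes a duplicate report hard to trace from the log. The numeric account id is already logged elsewhere in this commit, so a line such as `_INFO("duplicated account exists with same user_name, account_id [%d]", account->id);` would keep the message useful without the personal data. This assumes `account` is an `account_s`, which the hunk does not show. The wording also differs between the lines (`exists` here, `exist` for display_name, `exists` again for email_address in the next hunk); one form would make them easier to search for. `_account_check_duplicated` starts and ends outside the hunk.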
@@ -1425,7 +1428,7 @@ int _account_check_duplicated(sqlite3 *account_db_handle, account_s *data, const
                                        account->display_name == NULL && data->display_name == NULL &&
                                        account->email_address != NULL && data->email_address != NULL &&
                                        strcmp(account->email_address, data->email_address) == 0) {
-                               _INFO("duplicated account(s) exist!, same email_address=%s", data->email_address);
+                               _INFO("duplicated account(s) exists with same email_address");
                                return _ACCOUNT_ERROR_DUPLICATED;
                        }
                }
@@ -1605,7 +1608,7 @@ int _account_delete_account_by_package_name(sqlite3 *account_db_handle, const ch
        _account_query_bind_text(hstmt, binding_count++, package_name);
 
        rc = _account_query_step(hstmt);
-       ACCOUNT_CATCH_ERROR(rc == SQLITE_DONE, {}, _ACCOUNT_ERROR_RECORD_NOT_FOUND, ("The record isn't found. package_name=%s, rc=%d\n", package_name, rc));
+       ACCOUNT_CATCH_ERROR(rc == SQLITE_DONE, {}, _ACCOUNT_ERROR_RECORD_NOT_FOUND, ("The record isn't found, rc=%d\n", rc));
 
        rc = _account_query_finalize(hstmt);
        ACCOUNT_RETURN_VAL((rc == _ACCOUNT_ERROR_NONE),
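Review bot: The result of `_account_query_bind_text(hstmt, binding_count++, package_name)` is still discarded in this hunk, although the commit starts checking the same call in `_account_convert_account_to_sql`. If the bind fails, the step runs with the parameter left unbound, which SQLite treats as NULL, and a `SQLITE_DONE` result would then presumably be reported as success even though nothing was matched. Consider `rc = _account_query_bind_text(hstmt, binding_count++, package_name);` followed by an `ACCOUNT_CATCH_ERROR` check against `SQLITE_OK`, so the failure is handled the same way as the step error. The function starts and ends outside the hunk, so its cleanup path is not visible here.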