projects / platform / core / account / fido-asm.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a69dc07)
fix security svace issue 60/140860/1 accepted/tizen/4.0/unified/20170816.011358 accepted/tizen/4.0/unified/20170816.014713 accepted/tizen/unified/20170728.195236 accepted/tizen/unified/20170801.054813 submit/tizen/20170727.054051 submit/tizen/20170730.224646 submit/tizen_4.0/20170811.094300 submit/tizen_4.0/20170814.115522 submit/tizen_4.0_unified/20170814.115522
authorjkjo92 <jkjo92@samsung.com>
Thu, 27 Jul 2017 02:37:51 +0000 (11:37 +0900)
committerjkjo92 <jkjo92@samsung.com>
Thu, 27 Jul 2017 02:37:51 +0000 (11:37 +0900)
Change-Id: Ic3f37794e46d4db03f57973257bacfe3d75c18d9
Signed-off-by: jkjo92 <jkjo92@samsung.com>
server/auth_discovery/src/BoundADProvider.cpp [changed mode: 0644->0755] patch | blob | history
server/src/AsmStorage.cpp [changed mode: 0644->0755] patch | blob | history

diff --git a/server/auth_discovery/src/BoundADProvider.cpp b/server/auth_discovery/src/BoundADProvider.cpp
old mode 100644 (file)
new mode 100755 (executable)
index 0a2bd7b..f2a26b8
--- a/server/auth_discovery/src/BoundADProvider.cpp
+++ b/server/auth_discovery/src/BoundADProvider.cpp
@@ -54,6 +54,7 @@ BoundADProvider::getAuthStubList(void)
                stubList->push_back(it->second);
                _INFO("");
        }
+       delete __stubCache;
        _INFO("");
        return stubList;
 }
diff --git a/server/src/AsmStorage.cpp b/server/src/AsmStorage.cpp
old mode 100644 (file)
new mode 100755 (executable)
index add6a9f..604402d
--- a/server/src/AsmStorage.cpp
+++ b/server/src/AsmStorage.cpp
@@ -799,6 +799,7 @@ AsmStorage::searchData(IStorageParcel *parcel)
        char q[BUFFLEN] = {0};
        char *value = NULL;
        char query[BUFFLEN] = {0};
+       char execquery[BUFFLEN] = {0};
 
 
        SearchCbData cbData;
@@ -1029,7 +1030,8 @@ AsmStorage::searchData(IStorageParcel *parcel)
        cbData.resList = resultList;
 
        _INFO("AsmStorage::searchData:: query = [%s]", query);
-       int ret = sqlite3_exec(dbHandle, query, searchItemCb, &cbData, &errMsg);
+       sqlite3_mprintf(execquery, query);
+       int ret = sqlite3_exec(dbHandle, execquery, searchItemCb, &cbData, &errMsg);
        _INFO("AsmStorage::searchData:: ERROR MSG : [%s]", errMsg);
        CATCH_IF_FAIL(ret == SQLITE_OK);
 
@@ -1057,6 +1059,7 @@ AsmStorage::deleteData(IStorageParcel *parcel)
        char *errMsg = NULL;
        char q[BUFFLEN] = {0};
        char *value = NULL;
+       char execquery[BUFFLEN] = {0};
        char query[BUFFLEN] = {0};
        RET_IF_FAIL(parcel != NULL, SQLITE_ERROR);
        int ret = 0;
@@ -1154,8 +1157,8 @@ AsmStorage::deleteData(IStorageParcel *parcel)
                _ERR("AUTHLIST does not allow deletion of entries");
                goto CATCH;
        }
-
-       ret = sqlite3_exec(dbHandle, query, NULL, 0, &errMsg);
+       sqlite3_mprintf(execquery, query);
+       ret = sqlite3_exec(dbHandle, execquery, NULL, 0, &errMsg);
        _INFO("AsmStorage::deleteData:: ERROR MSG : [%s]", errMsg);
        CATCH_IF_FAIL(ret == SQLITE_OK);
 
Domain: Service Framework / Account; Licenses: Apache-2.0;