- fix svace issue (LIB.INSECURE_STRNCMP)
The problem that such using checks only prefix of string because null-terminator is not checked.
It may be source of vulnarability when using for compariso passwords.
Correct pattern should use strlen(arg) + 1.
Change-Id: Ib66d43aac119b265c462b0ba35519caa3885d631
mm_util_stderror("realpath failed");
return MM_UTIL_ERROR_NO_SUCH_FILE;
}
- if (strncmp(path, _realpath, strlen(path))) {
+ if (strncmp(path, _realpath, strlen(path) + 1)) {
mm_util_error("file is symbolic link");
free(_realpath);
return MM_UTIL_ERROR_NO_SUCH_FILE;
Name: libmm-utility
Summary: Multimedia Framework Utility Library
-Version: 0.4.24
+Version: 0.4.25
Release: 0
Group: System/Libraries
License: Apache-2.0