projects / platform / core / api / system-info.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a7567d7)
Prevent buffer overflow on reading value 23/237223/1 accepted/tizen_3.0_mobile accepted/tizen_3.0_tv accepted/tizen_3.0_wearable tizen_3.0 accepted/tizen/3.0/mobile/20200706.011115 accepted/tizen/3.0/tv/20200706.011119 accepted/tizen/3.0/wearable/20200706.011123 submit/tizen_3.0/20200702.060303
authorKichan Kwon <k_c.kwon@samsung.com>
Mon, 22 Jun 2020 03:30:38 +0000 (12:30 +0900)
committerKichan Kwon <k_c.kwon@samsung.com>
Fri, 26 Jun 2020 05:31:44 +0000 (14:31 +0900)
Change-Id: I4a6d5abce72c4f2165a0d190068ef75157cf4c35
Signed-off-by: Kichan Kwon <k_c.kwon@samsung.com>
src/system_info.c patch | blob | history

diff --git a/src/system_info.c b/src/system_info.c
index 821fe93b3e7db734852a1bd093c595b196b7c267..5c2d24dc9d19c637ee14a0e8dd0ba144610a649a 100644 (file)
--- a/src/system_info.c
+++ b/src/system_info.c
@@ -74,6 +74,7 @@ static int db_get_value(enum tag_type tag, const char *key,
        char key_internal[KEY_MAX];
        size_t key_internal_len;
        char buf[PATH_MAX];     // buffer size should be larger than KEY_MAX
+       size_t value_internal_len;
        FILE *fp = NULL;
        int ret;
        char *tag_s;
@@ -124,7 +125,9 @@ static int db_get_value(enum tag_type tag, const char *key,
        key_internal_len = strlen(key_internal);
        while ((temp = fgets(buf, sizeof(buf), fp))) {
                if (!strncmp(buf, key_internal, key_internal_len) && buf[key_internal_len] == ' ') {
-                       sscanf(buf, "%*s %[^\n]s", value);
+                       value_internal_len = strcspn(buf + key_internal_len + 1, "\n") + 1;
+                       snprintf(value, len < value_internal_len ? len : value_internal_len,
+                                       "%s", buf + key_internal_len + 1);
                        break;
                }
        }
Domain: System / System Framework;