Fix svace issue (378703, 378705)

 - missing null termination on string copy

Change-Id: Ide831d8fc0d68e74976e99bca02c74b7a73ce917
Signed-off-by: sinikang <sinikang@samsung.com>

diff --git a/packaging/org.tizen.ciss.spec b/packaging/org.tizen.ciss.spec
index dbf469a..b70d401 100644 (file)
--- a/packaging/org.tizen.ciss.spec
+++ b/packaging/org.tizen.ciss.spec
@@ -1,6 +1,6 @@
 %define major 0
 %define minor 1
-%define patchlevel 7
+%define patchlevel 8
 
 Name:       org.tizen.ciss
 Summary:    CISS-MMI application

diff --git a/src/ciss-parser.c b/src/ciss-parser.c
index 8579a98..9495915 100644 (file)
--- a/src/ciss-parser.c
+++ b/src/ciss-parser.c
@@ -326,7 +326,8 @@ int _ciss_parse_req_string(char *pszSS, ciss_mmi_context_t *mmi_ctx)
        DBG("\n [CISS-ENGINE] received string = %s", pszSS);
        mmi_ctx->user_string_length = strlen(pszSS);
        if (mmi_ctx->user_string_length > 0) {
-               memcpy(mmi_ctx->user_string, pszSS, mmi_ctx->user_string_length);
+               memset(mmi_ctx->user_string, 0, MAX_USS_CHAR);
+               strncpy(mmi_ctx->user_string, pszSS, MAX_USS_CHAR - 1);
        } else {
                DBG("\n [CISS-ENGINE] User String Length should be non-zero");
                return CISS_ERR_UNKNOWN;

diff --git a/src/ciss-util.c b/src/ciss-util.c
index ae9a44f..7bb0eec 100644 (file)
--- a/src/ciss-util.c
+++ b/src/ciss-util.c
@@ -25,6 +25,9 @@
 
 char *_ciss_strcpy(char *pBuffer, int nBufCount, const char *pszString)
 {
+       retv_if(pBuffer == NULL, NULL);
+       memset(pBuffer, 0, nBufCount*sizeof(char));
+
        if ((nBufCount - 1) >= (int)strlen(pszString)) {
                strncpy(pBuffer, pszString, (int)strlen(pszString));
                pBuffer[(int)strlen(pszString)] = '\0';