fix security svace: strcpy

Signed-off-by: Jeesun Kim <iamjs.kim@samsung.com>
Change-Id: I5cdf32284d126b2e8835f5b0dafdd888895e4730

diff --git a/email-core/email-core-mm-callbacks.c b/email-core/email-core-mm-callbacks.c
index eef6494..8d9208b 100755 (executable)
--- a/email-core/email-core-mm-callbacks.c
+++ b/email-core/email-core-mm-callbacks.c
@@ -258,8 +258,8 @@ INTERNAL_FUNC void mm_login(NETMBX *mb, char *user, char *pwd, long trial)
        }
 
        if (EM_SAFE_STRLEN(username) > 0 && EM_SAFE_STRLEN(password) > 0) {
-               strcpy(user, username);
-               strcpy(pwd, password);
+               EM_SAFE_STRNCPY(user, username, NETMAXUSER- EM_SAFE_STRLEN(user) -1);
+               EM_SAFE_STRNCPY(pwd, password, MAILTMPLEN - EM_SAFE_STRLEN(pwd) -1);
        } else
                EM_DEBUG_EXCEPTION("User Information is NULL || EM_SAFE_STRLEN is 0 ");
 

diff --git a/email-core/email-core-utils.c b/email-core/email-core-utils.c
index 02d00b4..01b57a0 100755 (executable)
--- a/email-core/email-core-utils.c
+++ b/email-core/email-core-utils.c
@@ -3246,7 +3246,7 @@ int emcore_strip_HTML_tag(const char *input_html_file_path, char *input_encoding
 
        emcore_get_content_string(root_element, result_string, input_result_buffer_legnth, &exit_flag);
        char *replaced_string = reg_replace_new(result_string, "[ \t\r\n\v\f]+", " ");
-       EM_SAFE_STRCPY(output_result_buffer, replaced_string);
+       EM_SAFE_STRNCPY(output_result_buffer, replaced_string, input_result_buffer_legnth - EM_SAFE_STRLEN(output_result_buffer) -1);
        EM_SAFE_FREE(replaced_string);
        em_trim_left(output_result_buffer);