fix svace issue 55/113555/3 accepted/tizen/3.0/common/20170216.151437 accepted/tizen/3.0/ivi/20170216.022605 accepted/tizen/3.0/mobile/20170216.022524 accepted/tizen/3.0/wearable/20170216.022548 submit/tizen_3.0/20170215.042013
authorintae, jeon <intae.jeon@samsung.com>
Wed, 8 Feb 2017 06:17:08 +0000 (15:17 +0900)
committerintae, jeon <intae.jeon@samsung.com>
Thu, 9 Feb 2017 01:10:41 +0000 (10:10 +0900)
Change-Id: Ice9f48dd43c04d2d367feab0a9ae427e7458bf03
Signed-off-by: intae, jeon <intae.jeon@samsung.com>
email-common-use/include/email-errors.h
email-core/email-core-gmime.c
email-core/email-storage/email-storage.c
email-core/email-storage/include/email-storage.h

index d1e2d84..97173a6 100755 (executable)
 /* Etc */
 #define EMAIL_ERROR_ALREADY_INITIALIZED                 -7321    /**<  The thread is already intialized */
 #define EMAIL_ERROR_NOT_INITIALIZED                     -7322    /**<  The thread is not intialized */
+#define EMAIL_ERROR_LOOP_COUNT                         -7323    /**<  The loop count tainted */
 #define EMAIL_ERROR_UNKNOWN                             -8000    /**<  Unknown error */
 
 /* Should be replaced with proper name */
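Review bot: The doc comment on the new `EMAIL_ERROR_LOOP_COUNT` line, "The loop count tainted", does not tell a caller what went wrong. The storage hunks in this commit return the code when a count is above an upper bound and, in two places, when it is negative. A comment such as `/**<  A count read from storage is outside the accepted range */` would cover both cases.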
index 7ec0c59..486cf82 100755 (executable)
@@ -155,6 +155,7 @@ INTERNAL_FUNC int emcore_gmime_pop3_parse_mime(char *eml_path, struct _m_content
        if (parser) g_object_unref(parser);
        if (!message) { /* prevent null check for message */
                EM_DEBUG_EXCEPTION("g_mime_parser_construct_message error");
+               EM_SAFE_CLOSE(fd);
                return false;
        }
 
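Review bot: The added `EM_SAFE_CLOSE(fd);` in the `!message` branch is only correct if nothing else owns `fd` at that point. The parser is unreffed on the line just above; if the stream it read from was built on `fd` and closes it on release (that code is outside the hunk), this is a second close of the same descriptor number. In a multi-threaded process a second close can hit a descriptor another thread has just opened. Please confirm ownership, and if the function does own `fd`, consider a single cleanup label so every exit after the open closes it exactly once. The identical change in emcore_gmime_eml_parse_mime needs the same check; both function bodies start and end outside their hunks.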
@@ -213,6 +214,7 @@ INTERNAL_FUNC int emcore_gmime_eml_parse_mime(char *eml_path,
        if (parser) g_object_unref(parser);
        if (!message) { /* prevent null check for message */
                EM_DEBUG_EXCEPTION("g_mime_parser_construct_message error");
+               EM_SAFE_CLOSE(fd);
                return false;
        }
 
index 0de3a0b..6802db6 100755 (executable)
@@ -3444,17 +3444,29 @@ INTERNAL_FUNC int emstorage_get_account_list(char *multi_user_name, int *select_
        EM_DEBUG_DB_EXEC(SQLITE_OK != rc, {error = EMAIL_ERROR_DB_FAILURE; sqlite3_free_table(result); goto FINISH_OFF; },
                ("SQL(%s) sqlite3_get_table fail:%d -%s", sql, rc, sqlite3_errmsg(local_db_handle)));
 
+
        count = atoi(result[1]);
        sqlite3_free_table(result);
 
+
        EM_DEBUG_LOG_DEV("count = %d", rc);
 
+
+
        if (count <= 0) {
                EM_DEBUG_LOG("no account found...");
                error = EMAIL_ERROR_ACCOUNT_NOT_FOUND;
                ret = true;
                goto FINISH_OFF;
        }
+
+       if (count > EMAIL_ACCOUNT_MAX) {
+               EM_DEBUG_EXCEPTION("OVERFLOWED THE MAX ACCOUNT");
+               error = EMAIL_ERROR_ACCOUNT_MAX_COUNT;
+               ret = true;
+               goto FINISH_OFF;
+       }
+
        SNPRINTF(sql_query_string, sizeof(sql_query_string), "SELECT ");
        sql_len = EM_SAFE_STRLEN(sql_query_string);
 
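Review bot: The new `count > EMAIL_ACCOUNT_MAX` branch sets `ret = true` alongside `error = EMAIL_ERROR_ACCOUNT_MAX_COUNT`, so a caller that checks only the return value will treat a rejected count as success. That matches the existing `count <= 0` branch, where "no account" is a normal result, but an out-of-range count is a failure, and I would drop the `ret = true;` line here. The `*count > MAX_LOOP_COUNT` branches added in emstorage_get_pbd_account_list and emstorage_get_pbd_activity_data do the same, while the checks added in emstorage_get_attachment_list and emstorage_query_task leave the return value alone. Separately, the context line `EM_DEBUG_LOG_DEV("count = %d", rc);` logs `rc` rather than `count`, which hides the value being bounded. What FINISH_OFF does is outside the hunk.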
@@ -10406,6 +10418,14 @@ INTERNAL_FUNC int emstorage_get_attachment_list(char *multi_user_name, int input
                goto FINISH_OFF;
        }
 
+       if (*output_attachment_count > EMAIL_ATTACHMENT_MAX_COUNT || *output_attachment_count < 0) {
+               EM_DEBUG_EXCEPTION("loop count error");
+               error = EMAIL_ERROR_LOOP_COUNT;
+               goto FINISH_OFF;
+
+       }
+
+
        p_data_tbl = (emstorage_attachment_tbl_t*)em_malloc(sizeof(emstorage_attachment_tbl_t) * (*output_attachment_count));
 
        if (!p_data_tbl) {
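Review bot: When the new range check fails, `*output_attachment_count` still holds the rejected value as control jumps to FINISH_OFF. A caller that iterates over that count without checking the return code gets no protection from the check. Setting `*output_attachment_count = 0;` before the `goto` would make the failure safe by default, unless FINISH_OFF (outside the hunk) already resets it. The empty line before the closing brace of the new block can be removed.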
@@ -13614,6 +13634,13 @@ INTERNAL_FUNC int emstorage_get_pbd_account_list(char *multi_user_name, int **ac
                goto FINISH_OFF;
        }
 
+       if (*count > MAX_LOOP_COUNT) {
+               EM_DEBUG_EXCEPTION("loop count error");
+               error = EMAIL_ERROR_LOOP_COUNT;
+               ret = true;
+               goto FINISH_OFF;
+       }
+
        EM_DEBUG_LOG("Account count [%d]", *count);
 
        memset(sql_query_string, 0x00, sizeof(sql_query_string));
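Review bot: The added check `if (*count > MAX_LOOP_COUNT)` has no lower bound, unlike the checks added in emstorage_get_attachment_list and emstorage_query_task, which also reject `< 0`. Unless the code above the hunk already rejects negative values, a negative `*count` passes this check and goes on to whatever loop or allocation is sized from it further down. `if (*count > MAX_LOOP_COUNT || *count < 0) {` would close that gap. The same one-sided check is added in emstorage_get_pbd_activity_data.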
@@ -13719,6 +13746,15 @@ INTERNAL_FUNC int emstorage_get_pbd_activity_data(char *multi_user_name, int acc
                ret = true;
                goto FINISH_OFF;
        }
+
+       if (*count > MAX_LOOP_COUNT) {
+               EM_DEBUG_EXCEPTION("loop count error");
+               error = EMAIL_ERROR_LOOP_COUNT;
+               ret = true;
+               goto FINISH_OFF;
+       }
+
+
        EM_DEBUG_LOG("Activity Count = %d", *count);
 
        memset(sql_query_string, 0x00, sizeof(sql_query_string));
@@ -16785,6 +16821,13 @@ INTERNAL_FUNC int emstorage_query_task(char *multi_user_name,
                goto FINISH_OFF;
        }
 
+       if (count > MAX_LOOP_COUNT || count < 0) {
+               EM_DEBUG_EXCEPTION("loop count error");
+               err = EMAIL_ERROR_LOOP_COUNT;
+               goto FINISH_OFF;
+       }
+
+
        SNPRINTF_OFFSET(sql_query_string, cur_query, QUERY_SIZE,
                                        "SELECT %s FROM mail_task_tbl %s %s", field_list, input_conditional_clause, input_ordering_clause);
        EM_DEBUG_LOG_SEC("emstorage_query_mail_list : query[%s].", sql_query_string);
index d2b95a0..bd45b69 100755 (executable)
@@ -54,6 +54,7 @@ extern "C"
 #ifdef __FEATURE_BULK_DELETE_MOVE_UPDATE_REQUEST_OPTI__
 #define QUERY_SIZE          8192
 #define MAX_INTEGER_LENGTH  5  /*  32767 -> 5 bytes */
+#define MAX_LOOP_COUNT 10000  /* loop count for higher bound check */
 #define FILE_MAX_BUFFER_SIZE     16 * 1024 /* 16 Kbyte */
 
 #define DB_STMT sqlite3_stmt *
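Review bot: `MAX_LOOP_COUNT` is added directly under `#ifdef __FEATURE_BULK_DELETE_MOVE_UPDATE_REQUEST_OPTI__`, so as far as this hunk shows it exists only when that feature is enabled. The new checks in email-storage.c appear to use it unconditionally. The matching `#endif` is outside the hunk, so this needs confirming, but if the feature macro is ever off the storage file will not compile; defining the bound outside the conditional block avoids that. The comment could also say what is being bounded, e.g. `/* upper bound for row counts read from the DB before they size a loop or allocation */`.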