From: shingil.kang <shingil.kang@samsung.com>
Date: Mon, 4 Jan 2016 08:29:30 +0000 (+0900)
Subject: Fixed codes which  may occur buffer overflow or resource leak
X-Git-Tag: submit/tizen/20160106.105500~2
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=05069c8600e86b0081a506cf3b5b72b62d57b330;p=sdk%2Ftarget%2Fsdbd.git

Fixed codes which  may occur buffer overflow or resource leak

Signed-off-by: shingil.kang <shingil.kang@samsung.com>

Change-Id: Iaebf52f17f2dd9a07d628d503976601e4530d367
---

diff --git a/src/properties.c b/src/properties.c
index c187d30..427cfe4 100644
--- a/src/properties.c
+++ b/src/properties.c
@@ -97,7 +97,7 @@ void property_save()
     }
 
     for (i = 0; sdbd_config[i].key; i++) {
-        sprintf(buffer,"%s%s%s\n", sdbd_config[i].key, PROPERTY_SEPARATOR, sdbd_config[i].value);
+        snprintf(buffer, sizeof(buffer), "%s%s%s\n", sdbd_config[i].key, PROPERTY_SEPARATOR, sdbd_config[i].value);
         sdb_write(fd, buffer, strlen(buffer));
     }
     sdb_close(fd);
diff --git a/src/sdktools.c b/src/sdktools.c
index 9de9ffa..ae160e8 100644
--- a/src/sdktools.c
+++ b/src/sdktools.c
@@ -212,7 +212,7 @@ int exec_app_standalone(const char* path) {
     for (i=0; i<cnt; i++) {
         D("tokenize: %dth: %s\n", i, tokens[i]);
 
-        if (!strcmp("export", tokens[i])) {
+        if (!strncmp(tokens[i], "export", sizeof("export"))) {
             flag = 0;
             i++;
             if (i>=cnt) break;
@@ -221,7 +221,7 @@ int exec_app_standalone(const char* path) {
             }
             i++;
             if (i>=cnt) break;
-            if (!strcmp("&&", tokens[i])) {
+            if (!strncmp(tokens[i], "&&", sizeof("&&"))) {
                 continue;
             }
         }
@@ -229,14 +229,14 @@ int exec_app_standalone(const char* path) {
             // TODO: check evn setting
         }
 
-        if(!strcmp(tokens[i], SDK_LAUNCH_PATH)) {
+        if(!strncmp(tokens[i], SDK_LAUNCH_PATH, sizeof(SDK_LAUNCH_PATH))) {
             int debug = 0;
             int pid = 0;
             char* pkg_id = NULL;
             char* executable = NULL;
             ++i;
             while( i < cnt ) {
-                if(!strcmp(tokens[i], "-attach")) {
+                if(!strncmp(tokens[i], "-attach", sizeof("-attach"))) {
                     if(++i < cnt) {
                         char* pid_pattern = "[1-9][0-9]{2,5}";
                         if (regcmp(pid_pattern, tokens[i])) {
@@ -244,12 +244,12 @@ int exec_app_standalone(const char* path) {
                         }
                     }
                 }
-                else if(!strcmp(tokens[i], "-p")) {
+                else if(!strncmp(tokens[i], "-p", sizeof("-p"))) {
                     if(++i < cnt) {
                         pkg_id = tokens[i];
                     }
                 }
-                else if(!strcmp(tokens[i], "-e")) {
+                else if(!strncmp(tokens[i], "-e", sizeof("-e"))) {
                     if(++i < cnt) {
                         executable = tokens[i];
                     }
@@ -351,7 +351,7 @@ int exec_app_standalone(const char* path) {
  */
 char* clone_gdbserver_label_from_app(const char* app_path) {
     char *new_appid = NULL;
-    char appid[APPID_MAX_LENGTH+1];
+    char appid[APPID_MAX_LENGTH+1] = {0, };
     char *buffer = NULL;
 
 #if 0
@@ -364,10 +364,10 @@ char* clone_gdbserver_label_from_app(const char* app_path) {
     int rc = smack_lgetlabel(app_path, &buffer, SMACK_LABEL_ACCESS);
 
     if (rc == 0 && buffer != NULL) {
-        strcpy(appid, buffer);
+        strncpy(appid, buffer, sizeof(appid) - 1);
         free(buffer);
     } else {
-        strcpy(appid, "_");
+        strncpy(appid, "_", sizeof(appid) - 1);
     }
     new_appid = (char *)malloc(sizeof(appid)+1);
     strncpy(new_appid, appid, APPID_MAX_LENGTH);
diff --git a/src/usb_funcfs_client.c b/src/usb_funcfs_client.c
index dd2abf6..02c4fd1 100644
--- a/src/usb_funcfs_client.c
+++ b/src/usb_funcfs_client.c
@@ -169,6 +169,7 @@ static void init_functionfs(struct usb_handle *h)
     if (h->control < 0) {
         D("[ %s: cannot open control endpoint ]\n", h->EP0_NAME);
         h->control = -errno;
+        sdb_mutex_unlock(&h->control_lock);
         goto error;
     }
 
@@ -178,6 +179,7 @@ static void init_functionfs(struct usb_handle *h)
     if (ret < 0) {
         D("[ %s: cannot write descriptors ]\n", h->EP0_NAME);
         h->control = -errno;
+        sdb_mutex_unlock(&h->control_lock);
         goto error;
     }
 
@@ -187,13 +189,13 @@ static void init_functionfs(struct usb_handle *h)
     if(ret < 0) {
         D("[ %s: cannot write strings ]\n", h->EP0_NAME);
         h->control = -errno;
+        sdb_mutex_unlock(&h->control_lock);
         goto error;
     }
 
     sdb_cond_signal(&h->control_notify);
     sdb_mutex_unlock(&h->control_lock);
 
-
     /* once configuration is passed to FunctionFS, io endpoints can be opened */
 
     /* open output endpoint */
@@ -201,7 +203,7 @@ static void init_functionfs(struct usb_handle *h)
     if ((h->bulk_out = sdb_open(h->EP_OUT_NAME, O_RDWR)) < 0) {
         D("[ %s: cannot open bulk-out endpoint ]\n", h->EP_OUT_NAME);
         h->bulk_out = -errno;
-        return;
+        goto error;
     }
 
     /* open input endpoint */
@@ -209,13 +211,24 @@ static void init_functionfs(struct usb_handle *h)
     if ((h->bulk_in = sdb_open(h->EP_IN_NAME, O_RDWR)) < 0) {
         D("[ %s: cannot open bulk-in endpoint ]\n", h->EP_IN_NAME);
         h->bulk_in = -errno;
-        return;
+        goto error;
     }
 
     return;
 
 error:
-    sdb_mutex_unlock(&h->control_lock);
+    if (h->bulk_in > 0) {
+        sdb_close(h->bulk_in);
+        h->bulk_in = -1;
+    }
+    if (h->bulk_out > 0) {
+        sdb_close(h->bulk_out);
+        h->bulk_out = -1;
+    }
+    if (h->control > 0) {
+        sdb_close(h->control);
+        h->control = -1;
+    }
 }
 
 static void *usb_open_thread(void *x)