From: Piotr Sawicki <p.sawicki2@partner.samsung.com>
Date: Mon, 24 Jul 2017 11:59:31 +0000 (+0200)
Subject: Protect from passing zero-length privileges to API
X-Git-Tag: submit/tizen/20170727.154157~1^2
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=054a09f08acc8bc5bbc4ac625d121a7a8b90ca96;p=platform%2Fcore%2Fsecurity%2Faskuser.git

Protect from passing zero-length privileges to API

Change-Id: I33c076339812e9bb0dedec047112793be90aaf5a
---

diff --git a/src/client/api/askuser-notification-client.cpp b/src/client/api/askuser-notification-client.cpp
index 9de7c6d..7faa1f2 100644
--- a/src/client/api/askuser-notification-client.cpp
+++ b/src/client/api/askuser-notification-client.cpp
@@ -20,6 +20,7 @@
  * @brief       This file contains the implementation of the askuser-notification client API.
  */
 
+#include <cstring>
 #include <memory>
 
 #include <log/alog.h>
@@ -100,6 +101,10 @@ int askuser_client_check_privilege(askuser_client *p_client,
         return ASKUSER_API_INVALID_PARAM;
     }
 
+    if (std::strlen(privilege) == 0) {
+        return ASKUSER_API_INVALID_PARAM;
+    }
+
     return AskUser::Client::tryCatch([&]() {
         *p_result = p_client->impl->checkPrivilege(privilege);
         return ASKUSER_API_SUCCESS;
@@ -115,6 +120,10 @@ int askuser_client_popup_request(askuser_client *p_client, const char *privilege
         return ASKUSER_API_INVALID_PARAM;
     }
 
+    if (std::strlen(privilege) == 0) {
+        return ASKUSER_API_INVALID_PARAM;
+    }
+
     return AskUser::Client::tryCatch([&]() {
         if (p_client->impl->popupRequestInProgress(privilege)) {
             return ASKUSER_API_ALREADY_IN_PROGRESS;