From: Sangyoon Jang <jeremy.jang@samsung.com>
Date: Fri, 13 Jul 2018 07:21:27 +0000 (+0900)
Subject: Prevent buffer overflow of signal agent
X-Git-Tag: submit/tizen/20180716.095900~1
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=1cb4027d02463550eaa89ba449bc2ce3d2cde759;p=platform%2Fcore%2Fappfw%2Fslp-pkgmgr.git

Prevent buffer overflow of signal agent

Change-Id: Ic55d8f5471e2963c7cf6fcc1d09dd166a5accae6
Signed-off-by: Sangyoon Jang <jeremy.jang@samsung.com>
---

diff --git a/installer/pkgmgr_installer_signal_agent.c b/installer/pkgmgr_installer_signal_agent.c
index 9d5ebd9..2e1b46c 100644
--- a/installer/pkgmgr_installer_signal_agent.c
+++ b/installer/pkgmgr_installer_signal_agent.c
@@ -225,6 +225,12 @@ static gboolean __handle_signal(gint fd, GIOCondition cond, gpointer user_data)
 	memcpy(&type_len, buf, sizeof(size_t));
 	memcpy(&data_len, buf + sizeof(size_t), sizeof(gsize));
 
+	if ((type_len + data_len) > BUFMAX) {
+		LOGE("received size is too large: %zu %zd", type_len, data_len);
+		close(clifd);
+		return FALSE;
+	}
+
 	r = recv(clifd, buf, type_len + data_len, 0);
 	if (r < 0) {
 		LOGE("recv failed: %d", errno);