From: Sooyoung Ha <yoosah.ha@samsung.com>
Date: Fri, 2 Jun 2017 06:27:57 +0000 (+0900)
Subject: source: add some defensive codes
X-Git-Tag: submit/tizen/20170612.121331~2
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=27536534686cbe24901a8e2d13f7269bb733c866;p=sdk%2Ftarget%2Fsdbd.git

source: add some defensive codes

Change-Id: I41c728f258b75b0d8d03f0bd8526fda73103d901
Signed-off-by: Sooyoung Ha <yoosah.ha@samsung.com>
---

diff --git a/src/default_plugin_appcmd.c b/src/default_plugin_appcmd.c
index 62a0217..7c0405e 100644
--- a/src/default_plugin_appcmd.c
+++ b/src/default_plugin_appcmd.c
@@ -362,9 +362,11 @@ static void appcmd_receiver_packagelist(int fd_in, int fd_out)
         if (sub1 == NULL) {
             continue;
         }
-        sub1 = strstr(sub1, "[")+1;
+        sub1 = strstr(sub1, "[");
         if (sub1 == NULL) {
             continue;
+        } else {
+            sub1++;
         }
         sub2 = strstr(sub1, "]");
         if (sub2 == NULL) {
diff --git a/src/services.c b/src/services.c
index 2f4f0f6..c12a8d7 100644
--- a/src/services.c
+++ b/src/services.c
@@ -243,7 +243,8 @@ void inoti_service(int fd, void *arg)
             D( "inoti read failed\n");
             goto done;
         }
-        while (i >= 0 && i <= (length - EVENT_SIZE)) {
+        int payload = length >= EVENT_SIZE ? length - EVENT_SIZE : 0;
+        while (i >= 0 && i <= payload) {
             struct inotify_event *event = (struct inotify_event *) &buffer[i];
             if (event->len) {
                 if (event->mask & IN_CREATE) {
diff --git a/src/sockets.c b/src/sockets.c
index 5496eb0..f27affa 100644
--- a/src/sockets.c
+++ b/src/sockets.c
@@ -336,7 +336,7 @@ static void local_socket_event_func(int fd, unsigned ev, void *_s)
         while(avail > 0) {
             r = sdb_read(fd, x, avail);
             D("LS(%d): post sdb_read(fd=%d,...) r=%d (errno=%d) avail=%d\n", s->id, s->fd, r, r<0?errno:0, avail);
-            if(r > 0) {
+            if(r > 0 && r <= avail) {
                 avail -= r;
                 x += r;
                 continue;
@@ -353,18 +353,11 @@ static void local_socket_event_func(int fd, unsigned ev, void *_s)
         D("LS(%d): fd=%d post avail loop. r=%d is_eof=%d forced_eof=%d\n",
           s->id, s->fd, r, is_eof, s->fde.force_eof);
 
-#ifdef SUPPORT_ENCRYPT
     	//변경된 최대 패킷 크기로 코드 수정
         if((avail == max_payload) || (s->peer == 0)) {
-        	put_apacket(p);
-        } else {
-            p->len = max_payload - avail;
-#else
-        if((avail == max_payload) || (s->peer == 0)) {
             put_apacket(p);
         } else {
-            p->len = max_payload - avail;
-#endif
+            p->len = max_payload >= avail ? max_payload - avail : 0;
             r = s->peer->enqueue(s->peer, p);
             D("LS(%d): fd=%d post peer->enqueue(). r=%d\n", s->id, s->fd, r);
 
diff --git a/src/transport.c b/src/transport.c
index f8ee0e6..152a22a 100644
--- a/src/transport.c
+++ b/src/transport.c
@@ -437,9 +437,9 @@ transport_read_action(int  fd, struct tmsg*  m)
     size_t   len = sizeof(*m);
     int   r;
 
-    while(len > 0) {
+    while (len > 0) {
         r = sdb_read(fd, p, len);
-        if(r > 0) {
+        if (r > 0 && r <= len) {
             len -= r;
             p   += r;
         } else {
@@ -878,7 +878,7 @@ int readx(int fd, void *ptr, size_t len)
     D("readx: fd=%d wanted=%d\n", fd, len);
     while(len > 0) {
         r = sdb_read(fd, p, len);
-        if(r > 0) {
+        if(r > 0 && r <= len) {
             len -= r;
             p += r;
         } else {
diff --git a/src/usb_linux_client.c b/src/usb_linux_client.c
index efeff2c..ecea71a 100644
--- a/src/usb_linux_client.c
+++ b/src/usb_linux_client.c
@@ -112,7 +112,7 @@ int linux_usb_read(usb_handle *h, void *data, size_t len)
                     return -1;
                 }
             }
-            len -= n;
+            len = len >= n ? len - n : 0;
             data = ((char*) data) + n;
         }
         D("[ done fd=%d ]\n", h->fd);