From: Jinhyung Jo Date: Wed, 9 Aug 2017 12:28:47 +0000 (+0900) Subject: source: fix security issues X-Git-Tag: accepted/tizen/4.0/unified/20170828.223130~2 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=2b01f773b7b1f615dba1fbc3247a336af7872896;p=sdk%2Ftarget%2Fsdbd.git source: fix security issues Change-Id: I49c6c58ec6646f33183881440e6a1bd6607801dd Signed-off-by: Jinhyung Jo --- diff --git a/src/sdb.c b/src/sdb.c index 353995f..84d3b53 100644 --- a/src/sdb.c +++ b/src/sdb.c @@ -1629,13 +1629,8 @@ static void init_sdk_requirements() { // set env variable for temporary // TODO: should use pam instead later!! - if (!getenv("TERM")) { - putenv("TERM=linux"); - } - - if (!getenv("HOME")) { - putenv("HOME=/root"); - } + putenv("TERM=linux"); + putenv("HOME=/root"); init_sdk_userinfo(); init_root_userinfo(); @@ -1643,7 +1638,7 @@ static void init_sdk_requirements() { if (g_sdk_home_dir != NULL && stat(g_sdk_home_dir, &st) == 0) { if (st.st_uid != g_sdk_user_id || st.st_gid != g_sdk_group_id) { char cmd[128]; - snprintf(cmd, sizeof(cmd), "chown %s:%s %s -R", SDK_USER_NAME, SDK_USER_NAME, g_sdk_home_dir); + snprintf(cmd, sizeof(cmd), "/usr/bin/chown %s:%s %s -R", SDK_USER_NAME, SDK_USER_NAME, g_sdk_home_dir); if (system(cmd) < 0) { D("failed to change ownership to sdk user to %s\n", g_sdk_home_dir); } diff --git a/src/socket_network_client.c b/src/socket_network_client.c index 326040b..71f38cb 100644 --- a/src/socket_network_client.c +++ b/src/socket_network_client.c @@ -53,9 +53,14 @@ int socket_network_client(const char *host, int port, int type) while ((res = gethostbyname_r(host, &hostbuf, tmphstbuf, hstbuflen, &hp, &herr)) == ERANGE) { // enlarge the buffer hstbuflen *= 2; - tmphstbuf = realloc(tmphstbuf, hstbuflen); - if (tmphstbuf == NULL) { + void *tmpbuf = realloc(tmphstbuf, hstbuflen); + if (tmpbuf == NULL) { + if (tmphstbuf != NULL) { + free(tmphstbuf); + } return -1; + } else { + tmphstbuf = tmpbuf; } } if (res || hp == NULL) { 
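Review bot: The two new `putenv()` calls in init_sdk_requirements ignore their return value, so if either call fails the daemon silently keeps whatever TERM/HOME it inherited, which is presumably the case the unconditional override is meant to rule out. `if (setenv("HOME", "/root", 1) != 0) D("failed to set HOME\n");` (and the same for TERM) would make a failure visible, and it avoids handing a string literal to `putenv`, which keeps the pointer it is given. A short comment such as `// always override: do not rely on TERM/HOME inherited from the parent` would record why the `getenv` guards were dropped. The function body starts and ends outside this hunk.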
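Review bot: The `snprintf`/`system` pair in the second sdb.c hunk still passes `g_sdk_home_dir` through the shell unquoted, and the absolute chown path added here does not change that: a home directory containing spaces or shell metacharacters would be split or interpreted by `/bin/sh` in a process that appears to run with root privileges. The `snprintf` result is unchecked, so a path that does not fit in `cmd[128]` is silently truncated (losing `-R`, or chowning a shorter path), and `system(cmd) < 0` only reports a failed fork, not a non-zero exit from chown. Running chown with an explicit argument vector, as sketched below, removes both the shell and the fixed-size command buffer. The enclosing `if` blocks begin and end outside the hunk.

```c
        if (st.st_uid != g_sdk_user_id || st.st_gid != g_sdk_group_id) {
            char owner[128];
            int status = 0;
            int n = snprintf(owner, sizeof(owner), "%s:%s", SDK_USER_NAME, SDK_USER_NAME);
            // NOTE: if SIGCHLD is handled elsewhere in sdbd, block it around
            // fork/waitpid the way system() does, or the wait may report ECHILD.
            pid_t pid = (n < 0 || (size_t)n >= sizeof(owner)) ? -1 : fork();
            if (pid == 0) {
                // child: no shell involved, each argument reaches chown as-is
                execl("/usr/bin/chown", "chown", "-R", owner, g_sdk_home_dir, (char *)NULL);
                _exit(127);
            }
            if (pid < 0 || waitpid(pid, &status, 0) < 0
                    || !WIFEXITED(status) || WEXITSTATUS(status) != 0) {
                D("failed to change ownership to sdk user to %s\n", g_sdk_home_dir);
            }
```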
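Review bot: `hstbuflen *= 2` in the ERANGE loop of socket_network_client has no upper bound or overflow check, so a lookup that keeps returning ERANGE grows the buffer until `realloc` fails, or the doubling wraps, depending on the type of `hstbuflen`, which is declared outside the hunk. A guard before the doubling such as `if (hstbuflen > MAX_HOSTBUF / 2) { free(tmphstbuf); return -1; }` would bound it, where `MAX_HOSTBUF` is a placeholder for a limit the project would have to choose. The new failure branch can also be shortened: `free(NULL)` is a no-op, so `free(tmphstbuf); return -1;` is enough, and the `else` is unnecessary after the return. The `if (res || hp == NULL)` path that follows is cut off here, so whether it releases `tmphstbuf` should be checked as well.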
diff --git a/src/usb_linux.c b/src/usb_linux.c index 7bf435b..0d8f2be 100644 --- a/src/usb_linux.c +++ b/src/usb_linux.c @@ -571,7 +571,7 @@ static void register_device(const char *dev_name, D("[ usb located new device %s (%d/%d/%d) ]\n", dev_name, ep_in, ep_out, interface); usb = calloc(1, sizeof(usb_handle)); - strcpy(usb->fname, dev_name); + strncpy(usb->fname, dev_name, sizeof(usb->fname) - 1); usb->ep_in = ep_in; usb->ep_out = ep_out; usb->zero_mask = zero_mask;
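Review bot: `usb` is written through by the new `strncpy` without a check that `calloc` succeeded, so an allocation failure in register_device becomes a NULL write. `if (usb == NULL) return;` before the copy would cover it, assuming nothing acquired earlier in the function (outside this hunk) needs releasing. The bounded copy also truncates silently, leaving `usb->fname` holding a different name than the one passed in; rejecting it with `if (strlen(dev_name) >= sizeof(usb->fname)) { free(usb); return; }` is safer than continuing with a shortened path. Termination currently depends on `calloc` having zeroed the last byte and on `fname` being an array rather than a pointer, which deserves a comment like `/* fname is zero-filled by calloc, so copying size-1 bytes keeps it NUL-terminated */`.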