From: Oskar Świtalski Date: Mon, 20 Jun 2016 12:35:46 +0000 (+0200) Subject: Fix memory leak and limit max string size X-Git-Tag: accepted/tizen/common/20160621.184308~1 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=2e5f11f2fe2d0f969c6f7e3109d9ee6188c559bd;p=platform%2Fcore%2Fsecurity%2Faskuser.git Fix memory leak and limit max string size Change-Id: I5beb23123d9f29808106662158560639c27e99fc Signed-off-by: Oskar Świtalski
---
diff --git a/src/agent/notification-daemon/AskUserTalker.cpp b/src/agent/notification-daemon/AskUserTalker.cpp
index 2839380..e3369ed 100644
--- a/src/agent/notification-daemon/AskUserTalker.cpp
+++ b/src/agent/notification-daemon/AskUserTalker.cpp
@@ -33,6 +33,7 @@ #include #include #include +#include #include
@@ -133,6 +134,8 @@ void AskUserTalker::run() break; } + Limits::checkSizeLimit(size); + buf = new char[size]; if (!Socket::recv(sockfd, buf, size)) {
diff --git a/src/agent/notification-daemon/GuiRunner.cpp b/src/agent/notification-daemon/GuiRunner.cpp
index 236d90c..3ef37f2 100644
--- a/src/agent/notification-daemon/GuiRunner.cpp
+++ b/src/agent/notification-daemon/GuiRunner.cpp
@@ -113,6 +113,11 @@ GuiRunner::GuiRunner() m_popupData = new PopupData({NResponseType::Deny, nullptr}); } +GuiRunner::~GuiRunner() +{ + delete m_popupData; +} + void GuiRunner::initialize() { elm_init(0, NULL);
diff --git a/src/agent/notification-daemon/GuiRunner.h b/src/agent/notification-daemon/GuiRunner.h
index 1a323fe..8d4c9df 100644
--- a/src/agent/notification-daemon/GuiRunner.h
+++ b/src/agent/notification-daemon/GuiRunner.h
@@ -47,6 +47,7 @@ struct drop { class GuiRunner { public: GuiRunner(); + ~GuiRunner(); NResponseType popupRun(const std::string &app, const std::string &perm);
diff --git a/src/common/CMakeLists.txt b/src/common/CMakeLists.txt
index 8d1e37e..43d52db 100644
--- a/src/common/CMakeLists.txt
+++ b/src/common/CMakeLists.txt
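Review bot: `Limits::checkSizeLimit(size)` rejects an oversized length by throwing, and nothing visible in the `AskUserTalker::run()` hunk shows that exception being handled inside the receive loop. If it propagates out of `run()`, a single peer sending a length above the limit would stop the talker instead of only having its own request dropped, which trades an unbounded allocation for an availability problem. Consider catching it next to the call and taking the same exit the preceding error path takes (`break;`), and logging the rejected size. Separately, `buf = new char[size];` remains a raw owning pointer; a `std::unique_ptr<char[]>` would release it on every early exit. The body of `run()` starts and ends outside this hunk, so the surrounding try/catch structure should be confirmed.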
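Review bot: With `~GuiRunner()` now deleting `m_popupData`, the class still appears to have compiler-generated copy operations, since the GuiRunner.h hunk adds only the destructor declaration; copying a `GuiRunner` would leave two objects deleting the same `PopupData`. Either declare `GuiRunner(const GuiRunner &) = delete;` and `GuiRunner &operator=(const GuiRunner &) = delete;` in the header, or hold the member as `std::unique_ptr<PopupData>` so that no hand-written destructor is needed. The rest of the class is outside both hunks, so check whether copying is already prevented elsewhere.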
@@ -42,6 +42,7 @@ SET(COMMON_SOURCES ${COMMON_PATH}/translator/Translator.cpp ${COMMON_PATH}/types/AgentErrorMsg.cpp ${COMMON_PATH}/util/SafeFunction.cpp + ${COMMON_PATH}/config/Limits.cpp ${COMMON_PATH}/config/Path.cpp )
diff --git a/src/common/config/Limits.cpp b/src/common/config/Limits.cpp
new file mode 100644
index 0000000..3d89f6d
--- /dev/null
+++ b/src/common/config/Limits.cpp
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2016 Samsung Electronics Co.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/**
+ * @file src/common/config/Limits.cpp
+ * @author Oskar Świtalski
+ * @brief Definition of limits methods
+ */
+
+
+#include "Limits.h"
+
+#include
+#include
+
+namespace AskUser {
+namespace Limits {
+
+namespace {
+
+constexpr size_t sizeLimit = 8192;
+
+}
+
+void checkSizeLimit(size_t size) {
+ if (size > sizeLimit)
+ throw Exception("Size exceeds limits; limit: " +
+ std::to_string(sizeLimit) +
+ " size: " + std::to_string(size));
+}
+
+} // namespace Limits
+} // namespace AskUser
diff --git a/src/common/config/Limits.h b/src/common/config/Limits.h
new file mode 100644
index 0000000..2d5a34d
--- /dev/null
+++ b/src/common/config/Limits.h
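Review bot: `sizeLimit` in Limits.cpp is a bare `8192` with no comment on its unit or on what it protects, yet it is the only bound on a length that, at the call site in AskUserTalker.cpp, comes off a socket and sizes `new char[size]`. A comment above the constant would make that explicit, for example `// Largest length, in bytes, accepted from a peer before it is used to size a receive buffer.` It would also help to state that the comparison is `size > sizeLimit`, so a length of exactly 8192 is accepted, and that zero is not rejected here.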
@@ -0,0 +1,32 @@
+/*
+ * Copyright (c) 2016 Samsung Electronics Co.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/**
+ * @file src/common/config/Limits.h
+ * @author Oskar Świtalski
+ * @brief Declaration of limits methods
+ */
+
+#pragma once
+
+#include
+
+namespace AskUser {
+namespace Limits {
+
+void checkSizeLimit(size_t size);
+
+} // namespace Limits
+} // namespace AskUser
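Review bot: The declaration `void checkSizeLimit(size_t size);` in Limits.h has no documentation, so a caller reading only the header cannot tell that the function signals failure by throwing rather than by a return value. A short Doxygen block above it would cover this: a `@brief` saying it validates a peer-supplied length against the configured maximum, a `@param size` line, and a `@throws Exception` line for the over-limit case. That contract decides whether each call site needs its own handler, so it belongs on the declaration.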