From: jkjo92 Date: Thu, 27 Jul 2017 02:37:51 +0000 (+0900) Subject: fix security svace issue X-Git-Tag: accepted/tizen/4.0/unified/20170816.011358^0 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=3843896488b0b895cff033456630954108d7a1d3;p=platform%2Fcore%2Faccount%2Ffido-asm.git fix security svace issue Change-Id: Ic3f37794e46d4db03f57973257bacfe3d75c18d9 Signed-off-by: jkjo92
---
diff --git a/server/auth_discovery/src/BoundADProvider.cpp b/server/auth_discovery/src/BoundADProvider.cpp
old mode 100644
new mode 100755
index 0a2bd7b..f2a26b8
--- a/server/auth_discovery/src/BoundADProvider.cpp
+++ b/server/auth_discovery/src/BoundADProvider.cpp
@@ -54,6 +54,7 @@ BoundADProvider::getAuthStubList(void)
 stubList->push_back(it->second);
 _INFO("");
 }
+ delete __stubCache;
 _INFO("");
 return stubList;
 }
diff --git a/server/src/AsmStorage.cpp b/server/src/AsmStorage.cpp
old mode 100644
new mode 100755
index add6a9f..604402d
--- a/server/src/AsmStorage.cpp
+++ b/server/src/AsmStorage.cpp
@@ -799,6 +799,7 @@ AsmStorage::searchData(IStorageParcel *parcel)
 char q[BUFFLEN] = {0};
 char *value = NULL;
 char query[BUFFLEN] = {0};
+ char execquery[BUFFLEN] = {0};
 SearchCbData cbData;
@@ -1029,7 +1030,8 @@ AsmStorage::searchData(IStorageParcel *parcel)
 cbData.resList = resultList;
 _INFO("AsmStorage::searchData:: query = [%s]", query);
- int ret = sqlite3_exec(dbHandle, query, searchItemCb, &cbData, &errMsg);
+ sqlite3_mprintf(execquery, query);
+ int ret = sqlite3_exec(dbHandle, execquery, searchItemCb, &cbData, &errMsg);
 _INFO("AsmStorage::searchData:: ERROR MSG : [%s]", errMsg);
 CATCH_IF_FAIL(ret == SQLITE_OK);
@@ -1057,6 +1059,7 @@ AsmStorage::deleteData(IStorageParcel *parcel)
 char *errMsg = NULL;
 char q[BUFFLEN] = {0};
 char *value = NULL;
+ char execquery[BUFFLEN] = {0};
 char query[BUFFLEN] = {0};
 RET_IF_FAIL(parcel != NULL, SQLITE_ERROR);
 int ret = 0;
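Review bot: `delete __stubCache;` in getAuthStubList frees the cache but leaves the pointer holding the old address. If `__stubCache` is a member or static (its declaration is outside the hunk), a second call to this function, or a destructor that also deletes it, would read or free dangling memory. I would reset it in the same place, `delete __stubCache; __stubCache = NULL;`, or keep the cache in a local object with automatic storage so no manual delete is needed. It is also worth confirming that the container does not own the `it->second` stubs just copied into `stubList`, since the returned list outlives it. The function body starts above the hunk.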
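Review bot: `sqlite3_mprintf(execquery, query);` in searchData has its arguments in the wrong roles: the first parameter is the format string and the formatted text is returned as a newly allocated string, so this call formats the empty `execquery` buffer, leaks the returned pointer and leaves `execquery` all zeros. `sqlite3_exec` then runs an empty statement, which returns `SQLITE_OK` without ever invoking `searchItemCb`, so the search silently finds nothing; the deleteData hunk at `@@ -1154,8 +1157,8 @@` repeats the pattern, so a deletion is reported as successful while the record stays in storage. Copying the finished string could not neutralise injection in any case, because any parcel-derived value has already been spliced into `query` by that point (that code is outside the hunk, so this is inferred). I would go back to passing `query` to `sqlite3_exec` and move the escaping to where the values are formatted in, using `%Q` with `sqlite3_snprintf`, or preferably `sqlite3_prepare_v2` with `sqlite3_bind_text`.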
@@ -1154,8 +1157,8 @@ AsmStorage::deleteData(IStorageParcel *parcel)
 _ERR("AUTHLIST does not allow deletion of entries");
 goto CATCH;
 }
-
- ret = sqlite3_exec(dbHandle, query, NULL, 0, &errMsg);
+ sqlite3_mprintf(execquery, query);
+ ret = sqlite3_exec(dbHandle, execquery, NULL, 0, &errMsg);
 _INFO("AsmStorage::deleteData:: ERROR MSG : [%s]", errMsg);
 CATCH_IF_FAIL(ret == SQLITE_OK);