From: Jongkyu Koo <jk.koo@samsung.com>
Date: Tue, 7 Nov 2017 00:59:41 +0000 (+0900)
Subject: fix buffer overflow
X-Git-Tag: submit/tizen/20171107.015550^0
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=3e24c06c140a91c9e74743f537d7a01e6d4b052e;p=platform%2Fcore%2Fmessaging%2Fmsg-service.git

fix buffer overflow

Change-Id: I93e62e429bf25ce47068c7457fae4ebfeb27c752
Signed-off-by: Jongkyu Koo <jk.koo@samsung.com>
---

diff --git a/externals/MsgSpamFilter.cpp b/externals/MsgSpamFilter.cpp
index 63aecd6..6b63b1a 100755
--- a/externals/MsgSpamFilter.cpp
+++ b/externals/MsgSpamFilter.cpp
@@ -162,7 +162,7 @@ bool MsgCheckFilter(MsgDbHandler *pDbHandle, MSG_MESSAGE_INFO_S *pMsgInfo)
 
 	int fileSize = 0;
 	bool bFiltered = false;
-
+	int tmpLen = 0;
 	for (int i = 1; i <= rowCnt; i++) {
 		memset(filterValue, 0x00, sizeof(filterValue));
 
@@ -195,20 +195,25 @@ bool MsgCheckFilter(MsgDbHandler *pDbHandle, MSG_MESSAGE_INFO_S *pMsgInfo)
 					pData = new char[pMsgInfo->dataSize+1];
 
 					strncpy(pData, pMsgInfo->msgText, pMsgInfo->dataSize);
-					pData[strlen(pMsgInfo->msgText)] = '\0';
+					tmpLen = strlen(pMsgInfo->msgText);
+					if ( tmpLen < pMsgInfo->dataSize)
+						pData[tmpLen] = '\0';
+					else
+						pData[pMsgInfo->dataSize] = '\0';
 				}
 			}
 		} else if (pMsgInfo->msgType.mainType == MSG_MMS_TYPE) {
-			if (strlen(pMsgInfo->subject) > 0) {
+			tmpLen = strlen(pMsgInfo->subject);
+			if (tmpLen > 0) {
 				if (pData) {
 					delete[] pData;
 					pData = NULL;
 				}
 
-				pData = new char[strlen(pMsgInfo->subject)+1];
+				pData = new char[tmpLen+1];
 
-				strncpy(pData, pMsgInfo->subject, strlen(pMsgInfo->subject));
-				pData[strlen(pMsgInfo->subject)] = '\0';
+				strncpy(pData, pMsgInfo->subject, tmpLen);
+				pData[tmpLen] = '\0';
 			}
 		}