From: adhavan.m
Date: Wed, 28 Mar 2018 12:52:46 +0000 (+0530)
Subject: Fix for sdbd security issues
X-Git-Tag: accepted/tizen/unified/20180423.130950~3
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=408090ba7e23fd762ad1ac26e09670491afc2ade;p=sdk%2Ftarget%2Fsdbd.git
Fix for sdbd security issues
Change-Id: Ideaab3d8fb75eb21973ec12856cc5c82e58f90a8
Signed-off-by: adhavan.m
---
diff --git a/src/default_plugin_appcmd.c b/src/default_plugin_appcmd.c
index c360f62..07396dc 100644
--- a/src/default_plugin_appcmd.c
+++ b/src/default_plugin_appcmd.c
@@ -82,14 +82,14 @@ static int appcmd_install_gen_shellcmd(appcmd_info* p_info) {
 if (strncmp(pkgid, "null", 4) == 0) {
 if (strncmp(teppath, "null", 4) == 0) {
 /* Normal install case */
- snprintf(buf, len, "pkgcmd -i -q -t %s -p %s -G", type, pkgpath);
+ snprintf(buf, len, "pkgcmd -i -q -t \'%s\' -p \'%s\' -G", type, pkgpath);
 } else {
 /* TEP install case */
- snprintf(buf, len, "pkgcmd -i -q -p %s -e %s -G", pkgpath, teppath);
+ snprintf(buf, len, "pkgcmd -i -q -p \'%s\' -e \'%s\' -G", pkgpath, teppath);
 }
 } else {
 /* Re-install case */
- snprintf(buf, len, "pkgcmd -r -q -t %s -n %s", type, pkgid);
+ snprintf(buf, len, "pkgcmd -r -q -t \'%s\' -n \'%s\'", type, pkgid);
 }
 return 0;
@@ -109,7 +109,7 @@ static int appcmd_uninstall_gen_shellcmd(appcmd_info* p_info) {
 D("args: pkgid=%s\n", pkgid);
- snprintf(buf, len, "pkgcmd -u -q -n %s", pkgid);
+ snprintf(buf, len, "pkgcmd -u -q -n \'%s\'", pkgid);
 return 0;
 }
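Review bot: Wrapping each `%s` in single quotes in appcmd_install_gen_shellcmd does not neutralise a value that itself contains `'`, because that character ends the quoted word and the rest is parsed by the shell again. The same pattern appears in the uninstall, runapp, rununittestapp, killapp, packagelist, debugwebapp, debugnativeapp and appinfo generators of this file. Reject such values before formatting, as sketched below, or pass an argv to exec and drop the shell. Returning -1 assumes the caller treats non-zero as failure, which is not visible here, and the function body starts outside the hunk. The `\'` escapes are not needed in a C string literal; a plain `'` is enough.

```c
/* A single quote in the value would close the quoted shell word. */
static int appcmd_arg_is_quotable(const char *arg) {
    return arg != NULL && strchr(arg, '\'') == NULL;
}

// … unchanged: argument lookup in appcmd_install_gen_shellcmd …
    if (!appcmd_arg_is_quotable(type) || !appcmd_arg_is_quotable(pkgpath)
            || !appcmd_arg_is_quotable(teppath) || !appcmd_arg_is_quotable(pkgid)) {
        return -1;
    }
    // … unchanged: the three snprintf() branches …
```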
@@ -128,10 +128,10 @@ static int appcmd_runapp_gen_shellcmd(appcmd_info* p_info) {
 D("args: appid=%s\n", appid);
- snprintf(buf, len, "/usr/bin/pkginfo --app %s | grep component: | awk '{print $2}'"
+ snprintf(buf, len, "/usr/bin/pkginfo --app \'%s\' | grep component: | awk '{print $2}'"
 " | while read var; do if [ $var = watchapp ] || [ $var = widgetapp ]; then /usr/bin/app_launcher "
- "--start org.tizen.widget_viewer_sdk widget_id %s; else /usr/bin/app_launcher "
- "--start %s; fi; done", appid, appid, appid);
+ "--start org.tizen.widget_viewer_sdk widget_id \'%s\'; else /usr/bin/app_launcher "
+ "--start \'%s\'; fi; done", appid, appid, appid);
 return 0;
 }
@@ -164,7 +164,7 @@ static int appcmd_rununittestapp_gen_shellcmd(appcmd_info* p_info) {
 D("args: appid=%s, usr_args=%s\n", appid, usr_args);
- snprintf(buf, len, "/usr/bin/app_launcher -s %s __AUL_SDK__ UNIT_TEST __LAUNCH_APP_MODE__ SYNC __DLP_UNIT_TEST_ARG__ \'%s\'", appid, usr_args);
+ snprintf(buf, len, "/usr/bin/app_launcher -s \'%s\' __AUL_SDK__ UNIT_TEST __LAUNCH_APP_MODE__ SYNC __DLP_UNIT_TEST_ARG__ \'%s\'", appid, usr_args);
 return 0;
 }
@@ -183,7 +183,7 @@ static int appcmd_killapp_gen_shellcmd(appcmd_info* p_info) {
 D("args: appid=%s\n", appid);
- snprintf(buf, len, "/usr/bin/app_launcher --kill %s", appid);
+ snprintf(buf, len, "/usr/bin/app_launcher --kill \'%s\'", appid);
 return 0;
 }
@@ -202,7 +202,7 @@ static int appcmd_packagelist_gen_shellcmd(appcmd_info* p_info) {
 D("args: type=%s\n", type);
- snprintf(buf, len, "/usr/bin/pkgcmd -l -t %s", type);
+ snprintf(buf, len, "/usr/bin/pkgcmd -l -t \'%s\'", type);
 return 0;
 }
@@ -221,7 +221,7 @@ static int appcmd_debugwebapp_gen_shellcmd(appcmd_info* p_info) {
 D("args: appid=%s\n", appid);
- snprintf(buf, len, "/usr/bin/app_launcher --start %s -w", appid);
+ snprintf(buf, len, "/usr/bin/app_launcher --start \'%s\' -w", appid);
 return 0;
 }
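Review bot: The result of snprintf() in appcmd_runapp_gen_shellcmd is not checked, and with appid expanded three times plus the new quotes a long id can be cut off at `len`, leaving a command with an unterminated quote or without its closing `fi; done`. The function still returns 0 in that case. Compare the return value with the buffer size and fail, e.g. `int n = snprintf(buf, len, ...);` followed by `if (n < 0 || (size_t)n >= (size_t)len) return -1;`. The declaration of `len` and the caller's handling of a non-zero result are outside the hunk, so confirm both. The other gen_shellcmd functions in this diff ignore the result in the same way.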
@@ -249,10 +249,10 @@ static int appcmd_debugnativeapp_gen_shellcmd(appcmd_info* p_info) {
 D("args: debug_port=%s, appid=%s, pid=%d, gdbserver_path=%s\n", debug_port, appid, pid, gdbserver_path);
 if (pid == -1) {
- snprintf(buf, len, "/usr/bin/app_launcher --start %s __AUL_SDK__ DEBUG __DLP_DEBUG_ARG__ :%s __DLP_GDBSERVER_PATH__ %s", appid, debug_port, gdbserver_path);
+ snprintf(buf, len, "/usr/bin/app_launcher --start \'%s\' __AUL_SDK__ DEBUG __DLP_DEBUG_ARG__ :\'%s\' __DLP_GDBSERVER_PATH__ \'%s\'", appid, debug_port, gdbserver_path);
 } else {
 /* attach mode */
- snprintf(buf, len, "/usr/bin/launch_debug %s __AUL_SDK__ ATTACH __DLP_GDBSERVER_PATH__ %s __DLP_ATTACH_ARG__ --attach,:%s,%d", appid, gdbserver_path, debug_port, pid);
+ snprintf(buf, len, "/usr/bin/launch_debug \'%s\' __AUL_SDK__ ATTACH __DLP_GDBSERVER_PATH__ \'%s\' __DLP_ATTACH_ARG__ --attach,:\'%s\',%d", appid, gdbserver_path, debug_port, pid);
 }
 return 0;
@@ -272,7 +272,7 @@ static int appcmd_appinfo_gen_shellcmd(appcmd_info* p_info) {
 D("args: pkgid=%s\n", pkgid);
- snprintf(buf, len, "/usr/bin/pkginfo --list %s", pkgid);
+ snprintf(buf, len, "/usr/bin/pkginfo --list \'%s\'", pkgid);
 return 0;
 }
@@ -374,6 +374,9 @@ static void appcmd_receiver_packagelist(int fd_in, int fd_out)
 }
 sub2[0] = '\0';
+ if ((out_ptr + strlen(sub1) + 1) > sizeof(out_buf)) {
+ break;
+ }
 snprintf(out_buf+out_ptr, sizeof(out_buf)-out_ptr, ":%s", sub1);
 out_ptr += strlen(sub1)+1;
 }
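Review bot: In appcmd_debugnativeapp_gen_shellcmd, debug_port is still spliced into the command as free text (`:\'%s\'`), although the D() line shows that pid is already handled as an int. A port has a fixed shape, so parsing it once and formatting it with `%ld` removes the need to quote it at all: `long port = strtol(debug_port, &end, 10);` followed by `if (end == debug_port || *end != '\0' || port < 1 || port > 65535) return -1;`. gdbserver_path would benefit from a similar shape check before it is quoted, if it can be supplied from the host side. Where these values originate, and how the caller reacts to a non-zero return, is not visible in the hunk.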
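Review bot: The new guard in appcmd_receiver_packagelist lets one boundary case through: when `out_ptr + strlen(sub1) + 1` equals `sizeof(out_buf)`, snprintf() is given `strlen(sub1) + 1` bytes for output that needs `strlen(sub1) + 2` including the terminator, so the last character is dropped and `out_ptr` ends up equal to `sizeof(out_buf)`. Use `>=` in the comparison: `if ((out_ptr + strlen(sub1) + 1) >= sizeof(out_buf)) {`. The two guards added in appcmd_receiver_appinfo, for appid and apptype, have the same boundary. The `break` also ends the listing silently, so a log line there would make a truncated reply visible; the enclosing loop and the declaration of `out_ptr` are outside the hunk.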
@@ -415,12 +418,18 @@ static void appcmd_receiver_appinfo(int fd_in, int fd_out)
 memset(appid, 0, sizeof(appid));
 sscanf(buf, "Appid: %127s", appid);
+ if ((out_ptr + strlen(appid) + 1) > sizeof(out_buf)) {
+ break;
+ }
 snprintf(out_buf+out_ptr, sizeof(out_buf)-out_ptr, ":%s", appid);
 out_ptr += strlen(appid)+1;
 } else if (!strncmp(buf, "Apptype: ", 9)) {
 memset(apptype, 0, sizeof(apptype));
 sscanf(buf, "Apptype: %127s", apptype);
+ if ((out_ptr + strlen(apptype) + 1) > sizeof(out_buf)) {
+ break;
+ }
 snprintf(out_buf+out_ptr, sizeof(out_buf)-out_ptr, ":%s", apptype);
 out_ptr += strlen(apptype)+1;
 }
diff --git a/src/services.c b/src/services.c
index 20a1d57..06550fc 100644
--- a/src/services.c
+++ b/src/services.c
@@ -914,11 +914,11 @@ static void get_platforminfo(int fd, void *cookie) {
 pinfo sysinfo;
 char *value = NULL;
- s_strncpy(sysinfo.platform_info_version, INFO_VERSION, strlen(INFO_VERSION));
+ s_strncpy(sysinfo.platform_info_version, INFO_VERSION, sizeof(sysinfo.platform_info_version));
 int r = system_info_get_platform_string("http://tizen.org/system/model_name", &value);
 if (r != SYSTEM_INFO_ERROR_NONE) {
- s_strncpy(sysinfo.model_name, UNKNOWN, strlen(UNKNOWN));
+ s_strncpy(sysinfo.model_name, UNKNOWN, sizeof(sysinfo.model_name));
 D("fail to get system model:%d\n", errno);
 } else {
 s_strncpy(sysinfo.model_name, value, sizeof(sysinfo.model_name));
@@ -930,7 +930,7 @@ static void get_platforminfo(int fd, void *cookie) {
 r = system_info_get_platform_string("http://tizen.org/system/platform.name", &value);
 if (r != SYSTEM_INFO_ERROR_NONE) {
- s_strncpy(sysinfo.platform_name, UNKNOWN, strlen(UNKNOWN));
+ s_strncpy(sysinfo.platform_name, UNKNOWN, sizeof(sysinfo.platform_name));
 D("fail to get platform name:%d\n", errno);
 } else {
 s_strncpy(sysinfo.platform_name, value, sizeof(sysinfo.platform_name));
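Review bot: `pinfo sysinfo;` in get_platforminfo is declared without an initialiser, while each field is filled by s_strncpy() with a string that is likely shorter than the field now that the size argument is the field size. If the struct is later written to `fd` as a whole, which is not visible in these hunks, the bytes after each terminator are whatever was on the stack unless s_strncpy() pads the destination. Zeroing the struct first closes that: `pinfo sysinfo = {0};`, or a memset right after the declaration. This applies to all five corrected calls, including the hunks at 930, 944 and 956. The failure branches also log `errno` although the status is in `r`, so `D("fail to get system model:%d\n", r);` would report the actual error.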
@@ -944,7 +944,7 @@ static void get_platforminfo(int fd, void *cookie) {
 // FIXME: the result is different when using SYSTEM_INFO_KEY_TIZEN_VERSION_NAME
 r = system_info_get_platform_string("tizen.org/feature/platform.version", &value);
 if (r != SYSTEM_INFO_ERROR_NONE) {
- s_strncpy(sysinfo.platform_version, UNKNOWN, strlen(UNKNOWN));
+ s_strncpy(sysinfo.platform_version, UNKNOWN, sizeof(sysinfo.platform_version));
 D("fail to get platform version:%d\n", errno);
 } else {
 s_strncpy(sysinfo.platform_version, value, sizeof(sysinfo.platform_version));
@@ -956,7 +956,7 @@ static void get_platforminfo(int fd, void *cookie) {
 r = system_info_get_platform_string("tizen.org/feature/profile", &value);
 if (r != SYSTEM_INFO_ERROR_NONE) {
- s_strncpy(sysinfo.profile_name, UNKNOWN, strlen(UNKNOWN));
+ s_strncpy(sysinfo.profile_name, UNKNOWN, sizeof(sysinfo.profile_name));
 D("fail to get profile name:%d\n", errno);
 } else {
 s_strncpy(sysinfo.profile_name, value, sizeof(sysinfo.profile_name));