From: Janusz Majnert <j.majnert@samsung.com>
Date: Mon, 18 Feb 2013 12:39:30 +0000 (+0100)
Subject: Fix for several issues detected by Prevent
X-Git-Tag: submit/tizen_2.1/20130424.233001~5^2~8
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=4c9af889fb607bb544c9c805e97a3f17defbb175;p=platform%2Fcore%2Fsecurity%2Fsecurity-server.git

Fix for several issues detected by Prevent

[Issue#] SSDWSSP-107
[Problem] Issues detected by Prevent
[Cause] N/A
[Solution] Please see comments below
[Verification] Build and run

Changes:
* Added a sanity check for new_pwd_len in (prevent #42100)
* Added a check for result of setuid in security server test case
  (prevent #42102)
* Fixed a bug in one of the test cases (comparing smack labels)
  (prevent #43435)
* Fixed a bug where one error condition was not handled properly, which in turn
  led to double free.

Change-Id: I54562981cf5e1201f8f62852da5cb6b3473df138
---

diff --git a/src/security-srv/server/security-server-main.c b/src/security-srv/server/security-server-main.c
index 3fa401c..3cb63b1 100644
--- a/src/security-srv/server/security-server-main.c
+++ b/src/security-srv/server/security-server-main.c
@@ -943,7 +943,7 @@ int process_tool_request(int client_sockfd, int server_sockfd)
 	memset(recved_argv, 0, sizeof(char *) * argcnum);
 
 	retval = recv_launch_tool_request(client_sockfd, argcnum -1, recved_argv);
-	if(retval == SECURITY_SERVER_ERROR_RECV_FAILED)
+	if(retval == SECURITY_SERVER_ERROR_RECV_FAILED || retval == SECURITY_SERVER_ERROR_OUT_OF_MEMORY)
 	{
 		SEC_SVR_DBG("%s", "Receiving request failed");
 		recved_argv = NULL;
diff --git a/src/security-srv/server/security-server-password.c b/src/security-srv/server/security-server-password.c
index a86c219..491f0aa 100644
--- a/src/security-srv/server/security-server-password.c
+++ b/src/security-srv/server/security-server-password.c
@@ -762,7 +762,7 @@ int process_set_pwd_request(int sockfd)
 		goto error;
 	}
 	retval = read(sockfd, &new_pwd_len, sizeof(char));
-	if(retval < sizeof(char)  || new_pwd_len > SECURITY_SERVER_MAX_PASSWORD_LEN)
+	if(retval < sizeof(char)  || new_pwd_len > SECURITY_SERVER_MAX_PASSWORD_LEN || new_pwd_len < 0)
 	{
 		SEC_SVR_DBG("Server Error: new password length recieve failed: %d, %d", retval, new_pwd_len);
 		retval = send_generic_response(sockfd,