From: Jongkyu Koo <jk.koo@samsung.com>
Date: Tue, 7 Nov 2017 01:22:04 +0000 (+0900)
Subject: fix buffer overflow
X-Git-Tag: submit/tizen_3.0/20171107.015413^0
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=53489eb6b10de13ea2014231b208a1c0c1a27a7e;p=platform%2Fcore%2Fmessaging%2Fmsg-service.git

fix buffer overflow

Change-Id: I39e70cfd176d0ee8bb24b880c20cd25caaacc2ce
Signed-off-by: Jongkyu Koo <jk.koo@samsung.com>
---

diff --git a/externals/MsgSpamFilter.cpp b/externals/MsgSpamFilter.cpp
index c0f543d..eed53d9 100755
--- a/externals/MsgSpamFilter.cpp
+++ b/externals/MsgSpamFilter.cpp
@@ -140,7 +140,7 @@ bool MsgCheckFilter(MsgDbHandler *pDbHandle, MSG_MESSAGE_INFO_S *pMsgInfo)
 
 	int fileSize = 0;
 	bool bFiltered = false;
-
+	int tmpLen = 0;
 	for (int i = 1; i <= rowCnt; i++) {
 		memset(filterValue, 0x00, sizeof(filterValue));
 
@@ -173,20 +173,25 @@ bool MsgCheckFilter(MsgDbHandler *pDbHandle, MSG_MESSAGE_INFO_S *pMsgInfo)
 					pData = new char[pMsgInfo->dataSize+1];
 
 					strncpy(pData, pMsgInfo->msgText, pMsgInfo->dataSize);
-					pData[strlen(pMsgInfo->msgText)] = '\0';
+					tmpLen = strlen(pMsgInfo->msgText);
+					if ( tmpLen < pMsgInfo->dataSize)
+						pData[tmpLen] = '\0';
+					else
+						pData[pMsgInfo->dataSize] = '\0';
 				}
 			}
 		} else if (pMsgInfo->msgType.mainType == MSG_MMS_TYPE) {
-			if (strlen(pMsgInfo->subject) > 0) {
+			tmpLen = strlen(pMsgInfo->subject);
+			if (tmpLen > 0) {
 				if (pData) {
 					delete[] pData;
 					pData = NULL;
 				}
 
-				pData = new char[strlen(pMsgInfo->subject)+1];
+				pData = new char[tmpLen+1];
 
-				strncpy(pData, pMsgInfo->subject, strlen(pMsgInfo->subject));
-				pData[strlen(pMsgInfo->subject)] = '\0';
+				strncpy(pData, pMsgInfo->subject, tmpLen);
+				pData[tmpLen] = '\0';
 			}
 		}