From: Seonah Moon
Date: Fri, 29 Sep 2017 04:22:30 +0000 (+0900)
Subject: [CID-23530,36000,41817,43904] fix bugs
X-Git-Tag: submit/tizen/20171010.084928^0
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=84d24c2201a1fad1028877a689f2761af672246b;p=platform%2Fcore%2Fapi%2Fhttp.git
[CID-23530,36000,41817,43904] fix bugs
- Unchecked return value
- Untrusted loop bound
Change-Id: Idc22e96c3aafd8bec559113aaa12762352e937d5
Signed-off-by: Seonah Moon
---
diff --git a/include/http_private.h b/include/http_private.h
index faf6d64..aa25e34 100644
--- a/include/http_private.h
+++ b/include/http_private.h
@@ -223,7 +223,7 @@ int _set_authentication_info(http_transaction_h http_transaction);
 gchar* parse_values(const gchar* string, int from_index, int to_index);
 FILE* _get_upload_file(http_transaction_h http_transaction);
-void _open_upload_file(http_transaction_h http_transaction);
+int _open_upload_file(http_transaction_h http_transaction);
 void _close_upload_file(__http_transaction_h *http_transaction);
 void _http_transaction_start_timer(guint msecs, gboolean(*callback) (gpointer), void *user_data);
diff --git a/packaging/capi-network-http.spec b/packaging/capi-network-http.spec
index 0b3db89..d44f5ad 100644
--- a/packaging/capi-network-http.spec
+++ b/packaging/capi-network-http.spec
@@ -1,6 +1,6 @@
 Name: capi-network-http
 Summary: Http Framework
-Version: 0.0.29
+Version: 0.0.30
 Release: 0
 Group: System/Network
 License: Apache-2.0
diff --git a/src/http_header.c b/src/http_header.c
index bdba24a..d565701 100644
--- a/src/http_header.c
+++ b/src/http_header.c
@@ -88,15 +88,14 @@ API int http_transaction_header_remove_field(http_transaction_h http_transaction
 _retvm_if(header->hash_table == NULL, HTTP_ERROR_INVALID_OPERATION, "There are no custom header\n");
- g_hash_table_lookup_extended(header->hash_table, field_name, &orig_key, &orig_value);
- if (g_hash_table_remove(header->hash_table, field_name)) {
- if (orig_key)
+ if (g_hash_table_lookup_extended(header->hash_table, field_name, &orig_key, &orig_value)) {
+ if (g_hash_table_remove(header->hash_table, field_name)) {
 g_free(orig_key);
-
- if (orig_value)
 g_free(orig_value);
-
- return HTTP_ERROR_NONE;
+ return HTTP_ERROR_NONE;
+ } else {
+ return HTTP_ERROR_INVALID_OPERATION;
+ }
 } else {
 ERR("field_name doesn't exist!!");
 return HTTP_ERROR_INVALID_OPERATION;
diff --git a/src/http_request.c b/src/http_request.c
index 9f1fac7..7a81029 100644
--- a/src/http_request.c
+++ b/src/http_request.c
@@ -278,15 +278,20 @@ int _get_request_body_size(http_transaction_h http_transaction, int *body_size)
 return HTTP_ERROR_NONE;
 }
-void _open_upload_file(http_transaction_h http_transaction)
+int _open_upload_file(http_transaction_h http_transaction)
 {
 __http_transaction_h *transaction = (__http_transaction_h *)http_transaction;
 __http_request_h *request = transaction->request;
 struct stat file_info;
- stat(request->upload_file, &file_info);
+ if (stat(request->upload_file, &file_info) != 0) {
+ ERR("stat() is failed.");
+ return HTTP_ERROR_OPERATION_FAILED;
+ }
 request->fp = fopen(request->upload_file, "rb");
 request->upload_size = (curl_off_t)file_info.st_size;
+
+ return HTTP_ERROR_NONE;
 }
 void _close_upload_file(__http_transaction_h *transaction)
diff --git a/src/http_transaction.c b/src/http_transaction.c
index a9ea3ec..396a21f 100644
--- a/src/http_transaction.c
+++ b/src/http_transaction.c
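Review bot: The two `g_free()` calls that follow `g_hash_table_remove()` are only safe if `header->hash_table` was created without key/value destroy functions, and the table's creation is not visible in this hunk. If it was built with `g_hash_table_new_full()` and destroy notifiers, the remove call has already released both pointers and these frees become a double free on a name supplied by the API caller. Once that is confirmed, I would record the ownership rule next to the frees, for example `/* table has no destroy notifiers: key and value are released here */`. The new inner `else` also returns `HTTP_ERROR_INVALID_OPERATION` without the `ERR()` log that the outer branch emits, which makes the two failure paths indistinguishable in logs. The function begins and ends outside the hunk.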
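Review bot: `fopen()` is still unchecked in `_open_upload_file()`, so the function returns `HTTP_ERROR_NONE` with `request->fp == NULL` when the file cannot be opened and the caller goes on to configure the upload. Calling `stat()` on the path and then `fopen()` on the same path also leaves a window in which the file can be swapped, so `upload_size` may describe a different file from the one that is read. Opening first and taking the size from the open descriptor with `fstat()` closes both gaps. The log strings below are suggestions in the style of the existing one.

```c
int _open_upload_file(http_transaction_h http_transaction)
{
	/* … unchanged: transaction / request lookup, struct stat file_info … */

	request->fp = fopen(request->upload_file, "rb");
	if (request->fp == NULL) {
		ERR("fopen() is failed.");
		return HTTP_ERROR_OPERATION_FAILED;
	}

	/* Size the stream that is actually open, not whatever the path names now. */
	if (fstat(fileno(request->fp), &file_info) != 0) {
		ERR("fstat() is failed.");
		fclose(request->fp);
		request->fp = NULL;
		return HTTP_ERROR_OPERATION_FAILED;
	}
	request->upload_size = (curl_off_t)file_info.st_size;

	return HTTP_ERROR_NONE;
}
```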
@@ -338,11 +338,10 @@ int _transaction_submit(gpointer user_data)
 curl_easy_setopt(transaction->easy_handle, CURLOPT_SSL_VERIFYHOST, 0);
 } else {
- curl_easy_setopt(transaction->easy_handle, CURLOPT_CAPATH, transaction->ca_path);
- DBG("CA path is (%s)", transaction->ca_path);
-
- curl_easy_setopt(transaction->easy_handle, CURLOPT_SSL_VERIFYPEER, 0);
- curl_easy_setopt(transaction->easy_handle, CURLOPT_SSL_VERIFYHOST, 2);
+ curl_easy_setopt(transaction->easy_handle, CURLOPT_CAPATH, transaction->ca_path);
+ DBG("CA path is (%s)", transaction->ca_path);
+ curl_easy_setopt(transaction->easy_handle, CURLOPT_SSL_VERIFYPEER, 1L);
+ curl_easy_setopt(transaction->easy_handle, CURLOPT_SSL_VERIFYHOST, 2L);
 curl_easy_setopt(transaction->easy_handle, CURLOPT_SSL_CIPHER_LIST, "HIGH");
 }
@@ -447,7 +446,9 @@ int _transaction_submit(gpointer user_data)
 /* Setup for PUT method */
 if (transaction->upload_event) {
- _open_upload_file(transaction);
+ if (_open_upload_file(transaction) != HTTP_ERROR_NONE)
+ return CURLM_INTERNAL_ERROR;
+
 curl_easy_setopt(transaction->easy_handle, CURLOPT_UPLOAD, 1L);
 curl_easy_setopt(transaction->easy_handle, CURLOPT_READFUNCTION, __handle_upload_cb);
 curl_easy_setopt(transaction->easy_handle, CURLOPT_READDATA, transaction);
diff --git a/test/http_test.c b/test/http_test.c
index 2142663..f86564d 100644
--- a/test/http_test.c
+++ b/test/http_test.c
@@ -284,8 +284,10 @@ int test_multiple_get(void)
 printf("Input count of transactions(1~10): ");
 ret = scanf("%d", &count);
- if (count > 10)
- count = 10;
+ if (count < 0 || count > 10) {
+ printf("Invalid input!\n");
+ return 0;
+ }
 for (i = 0; i < count; i++) {
 char uri[1024];
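Review bot: The `if` branch shown as context directly above the changed lines still passes a plain `0` to `CURLOPT_SSL_VERIFYHOST`, while this hunk corrects the `else` branch to `1L`/`2L`. libcurl reads these options as `long` through varargs, so the remaining call should read `curl_easy_setopt(transaction->easy_handle, CURLOPT_SSL_VERIFYHOST, 0L);` for the same reason. The switch of `CURLOPT_SSL_VERIFYPEER` from 0 to 1 turns certificate-chain validation on for this branch, which the commit message does not mention; a comment such as `/* verify the peer certificate chain against ca_path */` would keep it from being reverted by accident. `transaction->ca_path` goes to `CURLOPT_CAPATH` and to `DBG("%s")` with no NULL check in the visible lines, and the branch condition is outside the hunk, so confirm that it guarantees a non-NULL path.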
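Review bot: The new early return in the PUT setup hands back `CURLM_INTERNAL_ERROR`, a libcurl multi-interface code, from `_transaction_submit()`, which is declared `int` and takes `gpointer user_data`. How callers interpret the value is not visible here; if the function is registered as a GLib source callback, any non-zero return would be read as "run again" rather than as a failure, so the value should match the function's other exit paths. The return also leaves the options already set on `transaction->easy_handle` in place and gives the application no failure notification in the visible lines. The function body extends well beyond this hunk, so check what its existing error paths do at this point.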
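Review bot: `ret`, the result of `scanf("%d", &count)`, is never examined, so on non-numeric input `count` keeps whatever value it had before the call (its initialisation is outside the hunk) and the new range check then runs on that value. The guard should include the conversion result: `if (ret != 1 || count < 0 || count > 10) {`. The prompt advertises `1~10` while the check accepts 0; `count < 1` would match the prompt.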