From: Dongkyun Son Date: Tue, 7 Jun 2022 09:13:13 +0000 (+0900) Subject: Fix [ASAN][BUG] heap-buffer-overflow in sdbd X-Git-Tag: accepted/tizen/6.5/unified/20220613.161509^0 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=900e6b07f4b9f44a69a81e9c5de189fda787f4f2;p=sdk%2Ftarget%2Fsdbd.git Fix [ASAN][BUG] heap-buffer-overflow in sdbd Change-Id: I233898809080cce9915418a586873d9d65c7ea2b Signed-off-by: Sungguk Na y Signed-off-by: Dongkyun Son (cherry picked from commit 126f0f6f90d20db82570936aa9241fbd0943bfdd) --- diff --git a/src/default_plugin_basic.c b/src/default_plugin_basic.c index 8d6a1f4..b311a45 100755 --- a/src/default_plugin_basic.c +++ b/src/default_plugin_basic.c @@ -383,7 +383,9 @@ int verify_handle_by_plugin ( parameters* in, parameters* out ) } //the data contains the string sample-echo followed by space and then the user string, hence checking for space. - if((in->array_of_parameter[0].v_string.data[11] == ' ')&&(!strncmp(in->array_of_parameter[0].v_string.data, "sample-echo", strlen("sample-echo")))) { + if((in->array_of_parameter[0].v_string.length >= 12) && + (in->array_of_parameter[0].v_string.data[11] == ' ') && + (!strncmp(in->array_of_parameter[0].v_string.data, "sample-echo", strlen("sample-echo")))) { out->array_of_parameter[0].type = type_int32; out->array_of_parameter[0].v_int32 = PLUGIN_RET_HANDLE; }
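Review bot: In the new condition of verify_handle_by_plugin, the bound `12` and the index `11` are hard-coded separately from `strlen("sample-echo")`, so the length guard, the space check and the prefix compare only stay consistent as long as all three are edited together. Consider deriving them from one constant for the prefix, for example checking `v_string.length >= prefix_len + 1` and `v_string.data[prefix_len] == ' '`, and reusing `prefix_len` in the `strncmp` call. The visible lines do not show whether `v_string.data` is checked for NULL or whether `array_of_parameter[0]` is confirmed to be a string type before this `if`; if the preceding block does not cover that, it belongs in the same condition ahead of the length test. It would also help to extend the existing comment to say that the length check exists to keep the `data[11]` read inside the buffer, since that is the ASAN finding this commit addresses.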