From: duna.oh <duna.oh@samsung.com>
Date: Fri, 30 Aug 2024 08:28:48 +0000 (+0900)
Subject: Improve security by using strlen(arg)+1 to prevent an insecure strncmp usage
X-Git-Tag: accepted/tizen/unified/20240902.161320^0
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=952cdebf36dc3f61ee2bf07201eccc99c5155bae;p=platform%2Fcore%2Fuifw%2Fe-mod-tizen-gesture.git

Improve security by using strlen(arg)+1 to prevent an insecure strncmp usage

Change-Id: I08648d395a9309923af3c074a3e75b6b3952c1ec
---

diff --git a/src/e_mod_gesture_device.c b/src/e_mod_gesture_device.c
index 0146a67..6846a57 100644
--- a/src/e_mod_gesture_device.c
+++ b/src/e_mod_gesture_device.c
@@ -56,7 +56,7 @@ e_gesture_device_keydev_set(char *option)
         _e_gesture_device_keydev_create();
         gesture->device.kbd_name = strdup(E_GESTURE_KEYBOARD_NAME);
      }
-   else if (strncmp(option, "Any", sizeof("Any")))
+   else if (strncmp(option, "Any", sizeof("Any") + 1))
      {
         gesture->device.kbd_name = strdup(option);
      }
@@ -102,7 +102,7 @@ e_gesture_device_add(Ecore_Event_Device_Info *ev)
      {
         if (gesture->device.kbd_name)
           {
-             if (!strncmp(ev->name, gesture->device.kbd_name, strlen(gesture->device.kbd_name)))
+             if (!strncmp(ev->name, gesture->device.kbd_name, strlen(gesture->device.kbd_name) + 1))
                {
                   GTINF("%s(%s) device is key generated device in gesture\n", ev->name, ev->identifier);
                   gesture->device.kbd_identifier = strdup(ev->identifier);
@@ -130,7 +130,7 @@ e_gesture_device_del(Ecore_Event_Device_Info *ev)
      {
         EINA_LIST_FOREACH_SAFE(gesture->device.touch_devices, l, l_next, data)
           {
-             if (!strncmp(data, ev->identifier, strlen(ev->identifier)))
+             if (!strncmp(data, ev->identifier, strlen(ev->identifier) + 1))
                {
                   GTINF("%s(%s) device is touch device: remove list\n", ev->name, ev->identifier);
                   gesture->device.touch_devices = eina_list_remove(gesture->device.touch_devices, data);
@@ -141,7 +141,7 @@ e_gesture_device_del(Ecore_Event_Device_Info *ev)
    if ((gesture->device.kbd_identifier) &&
        (ev->clas == ECORE_DEVICE_CLASS_KEYBOARD))
      {
-        if (!strncmp(ev->name, gesture->device.kbd_name, strlen(gesture->device.kbd_name)))
+        if (!strncmp(ev->name, gesture->device.kbd_name, strlen(gesture->device.kbd_name) + 1))
           {
              GTWRN("Gesture keyboard device(%s) is disconnected. Gesture cannot create key events\n", gesture->device.kbd_name);
              E_FREE(gesture->device.kbd_identifier);