From: Junghoon Park Date: Fri, 10 Jun 2016 05:19:42 +0000 (+0900) Subject: Add validation checker for receiving packets X-Git-Tag: accepted/tizen/common/20160614.143645~1 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=accc6e6e360a46b4868159427af60996ac19c6e1;p=platform%2Fcore%2Fappfw%2Faul-1.git Add validation checker for receiving packets Change-Id: Ibaa4bb2a26b1e51b075da10d08e61ddc33988ea2 Signed-off-by: Junghoon Park --- diff --git a/src/aul_sock.c b/src/aul_sock.c index d250f3a..91a87a0 100644 --- a/src/aul_sock.c +++ b/src/aul_sock.c @@ -32,6 +32,7 @@ #include "aul_util.h" #define MAX_NR_OF_DESCRIPTORS 2 +#define MAX_PAYLOAD_SIZE (1024 * 1024 * 1) #ifdef TIZEN_FEATURE_DEFAULT_USER #define REGULAR_UID_MIN 5000 @@ -429,6 +430,11 @@ API app_pkt_t *aul_sock_recv_pkt(int fd, int *clifd, struct ucred *cr) memcpy(&datalen, buf + sizeof(int), sizeof(int)); memcpy(&opt, buf + sizeof(int) + sizeof(int), sizeof(int)); + if (datalen <= 0 || datalen > MAX_PAYLOAD_SIZE) { + close(*clifd); + return NULL; + } + /* allocate for a null byte */ pkt = (app_pkt_t *)calloc(1, AUL_PKT_HEADER_SIZE + datalen + 1); if (pkt == NULL) { @@ -487,6 +493,12 @@ retry_recv: memcpy(&len, buf + sizeof(int), sizeof(int)); memcpy(&recv_opt, buf + sizeof(int) + sizeof(int), sizeof(int)); + if (len <= 0 || len > MAX_PAYLOAD_SIZE) { + close(fd); + *ret_pkt = NULL; + return -ECOMM; + } + /* allocate for a null byte */ pkt = (app_pkt_t *)calloc(1, AUL_PKT_HEADER_SIZE + len + 1); if (pkt == NULL) {