From: Sangyoon Jang <jeremy.jang@samsung.com>
Date: Mon, 13 Jul 2020 05:23:08 +0000 (+0900)
Subject: Fix realpath buffer overflow issue
X-Git-Tag: submit/tizen/20200716.035647~2
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=dc9d5030e7a8303086fe8e10b02db3142d7f2c4b;p=platform%2Fcore%2Fappfw%2Fpkgmgr-tool.git

Fix realpath buffer overflow issue

Change-Id: I076d1c238f4fb942d09fc32b29e6d751d4be50fa
Signed-off-by: Sangyoon Jang <jeremy.jang@samsung.com>
---

diff --git a/src/pkgcmd/pkg_cmd.c b/src/pkgcmd/pkg_cmd.c
index b113333..75e1ef4 100644
--- a/src/pkgcmd/pkg_cmd.c
+++ b/src/pkgcmd/pkg_cmd.c
@@ -295,31 +295,26 @@ static int __app_return_cb(uid_t target_uid, int req_id, const char *pkg_type,
 
 static int __convert_to_absolute_path(pm_tool_args *data)
 {
-	char abs[PATH_MAX] = {'\0'};
+	char *abs;
 	char *temp;
-	char *ptr = NULL;
 	int ret;
 	GList *list;
 
-	ptr = realpath(data->pkg_path, abs);
-	if (ptr == NULL) {
+	abs = realpath(data->pkg_path, NULL);
+	if (abs == NULL) {
 		printf("realpath fail: %d\n", errno);
 		return -1;
 	}
 	ret = snprintf(data->pkg_path, PATH_MAX - 1, "%s", abs);
+	free(abs);
 	if (ret < 0 || ret > PATH_MAX - 1) {
 		printf("snprintf fail\n");
 		return -1;
 	}
 
 	for (list = data->pkgs; list; list = list->next) {
-		ptr = realpath(list->data, abs);
-		if (ptr == NULL) {
-			printf("realpath fail: %d\n", errno);
-			return -1;
-		}
 		temp = list->data;
-		list->data = strdup(abs);
+		list->data = realpath(list->data, NULL);
 		if (list->data == NULL) {
 			printf("out of memory\n");
 			return -1;