From: YoungHun Kim
Date: Thu, 26 Jul 2018 00:37:49 +0000 (+0900)
Subject: Add to verify the size of receive buffer
X-Git-Tag: submit/tizen/20180730.020459^0
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=e4f494cc2f7f8018621817999407bbfbeece60e3;p=platform%2Fcore%2Fmultimedia%2Fmmsvc-core.git
Add to verify the size of receive buffer
Change-Id: I2fea4c0bb647385e2f5ed0e6783042b424cc07dd
---
diff --git a/core/src/muse_core.c b/core/src/muse_core.c
index fbf823d8..0dd0a814 100644
--- a/core/src/muse_core.c
+++ b/core/src/muse_core.c
@@ -398,6 +398,7 @@ int muse_core_msg_recv(int sock_fd, char *msg)
 int muse_core_msg_recv_fd(int sock_fd, char *buf, int *out_fd)
 {
 int ret = 0;
+ int buf_len = 0;
 int pid;
 struct cmsghdr *cptr;
 struct msghdr msg;
@@ -417,6 +418,14 @@ int muse_core_msg_recv_fd(int sock_fd, char *buf, int *out_fd)
 return RECV_FAIL;
 }
+ while (!buf[buf_len] && buf_len < MUSE_MSG_MAX_LENGTH)
+ buf_len++;
+
+ if (buf_len < msg_info.size && buf_len != 0) {
+ LOGE("stack overflow caution !! [recv buf's length (%d) must be larger than msg' length (%d)", buf_len, msg_info.size);
+ return RECV_FAIL;
+ }
+
 if (msg_info.marker != MUSE_MSG_HEAD) {
 LOGE("invalid marker 0x%x", msg_info.marker);
 return RECV_FAIL;
diff --git a/packaging/mused.spec b/packaging/mused.spec
index f6f4c86f..fc855359 100644
--- a/packaging/mused.spec
+++ b/packaging/mused.spec
@@ -1,6 +1,6 @@
 Name: mused
 Summary: A multimedia daemon
-Version: 0.3.45
+Version: 0.3.46
 Release: 0
 Group: System/Libraries
 License: Apache-2.0
diff --git a/server/src/muse_server_connection.c b/server/src/muse_server_connection.c
index 1a04eea0..66a8f3ea 100644
--- a/server/src/muse_server_connection.c
+++ b/server/src/muse_server_connection.c
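Review bot: The length probe added to muse_core_msg_recv_fd (second hunk of core/src/muse_core.c) does not give a real bound. It infers the caller's capacity by counting leading zero bytes in `buf`, so it reads past the end of any buffer shorter than MUSE_MSG_MAX_LENGTH, and the `buf_len != 0` exemption skips the check entirely when the first byte is non-zero (a buffer that was not cleared beforehand). The loop also dereferences before testing the limit, so it touches index MUSE_MSG_MAX_LENGTH; at minimum swap the operands: `while (buf_len < MUSE_MSG_MAX_LENGTH && !buf[buf_len])`. `msg_info.size` is logged with `%d` and is checked here before the marker is validated, so it is presumably a signed value taken from the peer; a negative size passes `buf_len < msg_info.size`, which argues for an explicit range check such as `if (msg_info.size < 0 || msg_info.size > MUSE_MSG_MAX_LENGTH) return RECV_FAIL;`. A dependable check needs the capacity from the caller, either as a size parameter or as a documented requirement that `buf` holds MUSE_MSG_MAX_LENGTH bytes; the function body starts and continues outside this hunk, so how `msg_info.size` is used afterwards is not visible.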
@@ -174,7 +174,7 @@ ms_event_e ms_connection_event_handler(int *state_value)
 p_event->events = EPOLLRDHUP;
 if (epoll_ctl(ep_fd, EPOLL_CTL_MOD, fd, p_event) == EPOLL_ERR) {
 strerror_r(errno, err_msg, MUSE_MSG_LEN_MAX);
- LOGE("epoll ctl error - %s", err_msg);
+ LOGE("epoll ctl error - %s [%d]", err_msg, errno);
 }
 event_value = MUSE_EVENT_CONNECTION_STATE_CHANGED;
@@ -183,7 +183,7 @@ ms_event_e ms_connection_event_handler(int *state_value)
 if (epoll_ctl(ep_fd, EPOLL_CTL_DEL, fd, p_event) == EPOLL_ERR) {
 strerror_r(errno, err_msg, MUSE_MSG_LEN_MAX);
- LOGE("epoll ctl error - %s", err_msg);
+ LOGE("epoll ctl error - %s [%d]", err_msg, errno);
 }
 *state_value = MUSE_CONNECTION_STATE_DISCONNECTED;
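Review bot: The `errno` printed by the new `LOGE` is read after `strerror_r()` has run, and that call is not guaranteed to leave `errno` untouched when it fails, so the number logged may not be the one `epoll_ctl()` reported. Capture it first in both hunks (the EPOLL_CTL_MOD and EPOLL_CTL_DEL branches): `int err = errno;`, then `strerror_r(err, err_msg, MUSE_MSG_LEN_MAX);` and `LOGE("epoll ctl error - %s [%d]", err_msg, err);`. The return value of `strerror_r()` is also ignored; with the GNU variant the message is returned as a pointer and `err_msg` may be left unfilled, so it is worth confirming which variant this file builds against. ms_connection_event_handler's body extends beyond both hunks.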