From: Mariusz Domanski Date: Tue, 15 Jan 2013 13:58:55 +0000 (+0100) Subject: Prevent related bugfixes. X-Git-Tag: submit/tizen_2.1/20130424.233001~5^2~15 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=fe8ee65829849f15548897bc259c37c931d76a3b;p=platform%2Fcore%2Fsecurity%2Fsecurity-server.git Prevent related bugfixes. [Issue] N/A [Bug] Bugs found by Coverity. [Cause] N/A [Solution] Checking varibale values, catching exception. [Verification] Build security-server, run all tests. Change-Id: Ide143746a4a4ccc4cc575f14cfb3529d3b32d088
---
diff --git a/src/main.cpp b/src/main.cpp
index c605ac7..4b16270 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -43,8 +43,13 @@ int main(int argc, char* argv[])
 }
 DPL::SingleInstance instance;
- if (!instance.TryLock(DAEMON_INSTANCE_UUID)) {
- LogError("Security Daemon is already running");
+ try {
+ if (!instance.TryLock(DAEMON_INSTANCE_UUID)) {
+ LogError("Security Daemon is already running");
+ return -1;
+ }
+ } catch (const DPL::SingleInstance::Exception::LockError &e) {
+ LogError(e.DumpToString());
 return -1;
 }
diff --git a/src/security-srv/server/security-server-cookie.c b/src/security-srv/server/security-server-cookie.c
index 2cb3839..518134b 100644
--- a/src/security-srv/server/security-server-cookie.c
+++ b/src/security-srv/server/security-server-cookie.c
@@ -327,7 +327,7 @@ int generate_random_cookie(unsigned char *cookie, int size)
 close(fd);
 ret = SECURITY_SERVER_SUCCESS;
 error:
- if(fd > 0)
+ if(fd >= 0)
 close(fd);
 return ret;
 }
diff --git a/src/security-srv/server/security-server-main.c b/src/security-srv/server/security-server-main.c
index c0b183a..1cd5cfb 100644
--- a/src/security-srv/server/security-server-main.c
+++ b/src/security-srv/server/security-server-main.c
@@ -28,6 +28,7 @@
 #include
 #include
 #include
+#include
 #include "security-server-cookie.h"
 #include "security-server-common.h"
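Review bot: In the src/main.cpp hunk, the new `catch` block logs only `e.DumpToString()`, so the log never states that acquiring the single-instance lock is what failed, unlike the "already running" branch above it. I would add a line before the dump, `LogError("Failed to acquire the daemon instance lock");`. Only `DPL::SingleInstance::Exception::LockError` is caught; if `TryLock` can raise any other exception type (not visible here), it would still escape `main`, so that is worth confirming. `main` begins before and continues after this hunk.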
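Review bot: In `generate_random_cookie` (the security-server-cookie.c hunk), the success path calls `close(fd);` and then falls through to the `error:` label, where `if(fd >= 0) close(fd);` closes the same descriptor a second time. If another thread has opened a descriptor in between, the number may have been reused and the second close would hit an unrelated file or socket. Setting `fd = -1;` right after the first `close(fd);` (or dropping that first close) makes the cleanup run exactly once. The change to `>= 0` is also only safe if `fd` is initialised to `-1` before any `goto error`; the start of the function is outside the hunk, so that needs checking.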
@@ -786,7 +787,7 @@ int process_tool_request(int client_sockfd, int server_sockfd)
 /* Receive Total number of argv */
 argcnum = 0;
 retval = read(client_sockfd, &argcnum, sizeof(int));
- if(retval < sizeof(int))
+ if((retval < sizeof(int)) || argcnum > (UINT_MAX/sizeof(char *))-2 || argcnum < 0)
 {
 SEC_SVR_DBG("Error: argc recieve failed: %d", retval);
 retval = send_generic_response(client_sockfd,
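Review bot: The first test, `retval < sizeof(int)`, compares a value that is printed with `%d` (so presumably an `int`) against a `size_t`, which converts a failed `read()` result of -1 to a large unsigned value and lets it pass as success. The same conversion applies to `argcnum > (UINT_MAX/sizeof(char *))-2`, and that bound only keeps the size multiplication from wrapping; it still lets a client request a very large argument array. I would write `if (retval != (int)sizeof(int) || argcnum < 0 || argcnum > MAX_TOOL_ARGC)`, where `MAX_TOOL_ARGC` is a placeholder for a small protocol limit the project would define. `process_tool_request` starts before and continues after this hunk, so how `argcnum` feeds the allocation is not visible here.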