From: Yunjin Lee Date: Mon, 14 Mar 2016 12:29:50 +0000 (+0900) Subject: Replace vulnerable functions: strerror and sprintf X-Git-Tag: accepted/tizen/common/20160321.150734~1 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F32%2F62132%2F6;p=platform%2Fcore%2Fsecurity%2Faskuser.git Replace vulnerable functions: strerror and sprintf Change-Id: Idf4630c96d97294739e875be14999a6f4d7ddae7 Signed-off-by: Yunjin Lee --- diff --git a/src/agent/popup-bin/CMakeLists.txt b/src/agent/popup-bin/CMakeLists.txt index abcead6..6815266 100644 --- a/src/agent/popup-bin/CMakeLists.txt +++ b/src/agent/popup-bin/CMakeLists.txt @@ -53,6 +53,7 @@ SET_TARGET_PROPERTIES(${TARGET_ASKUSER_POPUP} PROPERTIES ) TARGET_LINK_LIBRARIES(${TARGET_ASKUSER_POPUP} + ${TARGET_ASKUSER_COMMON} ${ASKUSER_POPUP_DEP_LIBRARIES} -pie ) diff --git a/src/agent/popup-bin/popup.cpp b/src/agent/popup-bin/popup.cpp index a17d40f..bbeb392 100644 --- a/src/agent/popup-bin/popup.cpp +++ b/src/agent/popup-bin/popup.cpp @@ -31,11 +31,13 @@ #include #include +#include #include "popup.h" #include "popup-runner.h" #include "serialization.h" using namespace AskUser::Agent; +using namespace AskUser::Util; namespace { // anonymous @@ -134,7 +136,7 @@ bool show_popup(struct cert_checker_popup_data *pdp) { if (ret < 0) { int erryes = errno; - ALOGE("sprintf failed with error: <" << strerror(erryes) << ">"); + ALOGE("sprintf failed with error: <" << safeStrError(erryes) << ">"); return false; } @@ -295,7 +297,7 @@ elm_main(int argc, char **argv) close(pipe_in); close(pipe_out); ALOGE("read returned a negative value (" << count << ")"); - ALOGE("errno: " << strerror(errno)); + ALOGE("errno: " << safeStrError(errno)); ALOGE("Exit popup - ERROR"); return popup_status::EXIT_ERROR; } diff --git a/src/agent/ui/popup-runner.cpp b/src/agent/ui/popup-runner.cpp index c9d6f69..76582e4 100644 --- a/src/agent/ui/popup-runner.cpp +++ b/src/agent/ui/popup-runner.cpp @@ -32,10 +32,12 @@ #include #include #include +#include namespace { // anonymous using namespace AskUser::Agent; +using namespace AskUser::Util; std::string response_to_str(UIResponseType response) { switch (response) { @@ -321,7 +323,7 @@ UIResponseType Popup_runner::wait_for_response() { tmp = TEMP_FAILURE_RETRY(read(m_fd_send_to_parent, result + count, buff_size - count)); if (tmp < 0) { ALOGE("Error while reading popup response, read returned: " << tmp); - ALOGE("errno: " << strerror(errno)); + ALOGE("errno: " << safeStrError(errno)); goto error; } if (tmp > 0) { diff --git a/src/common/CMakeLists.txt b/src/common/CMakeLists.txt index 22cb4b2..eb276ec 100644 --- a/src/common/CMakeLists.txt +++ b/src/common/CMakeLists.txt @@ -47,6 +47,7 @@ INCLUDE_DIRECTORIES( SET(COMMON_SOURCES ${COMMON_PATH}/translator/Translator.cpp ${COMMON_PATH}/types/AgentErrorMsg.cpp + ${COMMON_PATH}/util/SafeFunction.cpp ) ADD_DEFINITIONS("-fvisibility=default") diff --git a/src/common/util/SafeFunction.cpp b/src/common/util/SafeFunction.cpp new file mode 100644 index 0000000..5a0d17e --- /dev/null +++ b/src/common/util/SafeFunction.cpp @@ -0,0 +1,38 @@ +/* + * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Yunjin Lee + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * @file SafeFunction.cpp + * @author Yunjin Lee + * @version 1.0 + * @brief Util for safe function. + */ + +#include "SafeFunction.h" +#include +#include + +namespace AskUser { +namespace Util { +#define ERROR_STRING_SIZE 256 + +std::string safeStrError(int error) { + char buf[ERROR_STRING_SIZE]; + return strerror_r(error, buf, ERROR_STRING_SIZE); +} +} +} diff --git a/src/common/util/SafeFunction.h b/src/common/util/SafeFunction.h new file mode 100644 index 0000000..2f9bcc4 --- /dev/null +++ b/src/common/util/SafeFunction.h @@ -0,0 +1,33 @@ +/* + * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Yunjin Lee + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * @file SafeFunction.h + * @author Yunjin Lee + * @version 1.0 + * @brief Util for safe function. + */ + +#include + +namespace AskUser { +namespace Util { + +std::string safeStrError(int error); + +} +} diff --git a/test/client/src/main.c b/test/client/src/main.c index dc3121c..2c3c716 100644 --- a/test/client/src/main.c +++ b/test/client/src/main.c @@ -86,7 +86,7 @@ int main(int argc, char **argv) { cynara_configuration_destroy(cynara_config); while (repeats-- && !dead) { - sprintf(clientPlus, "%s_%d", client, repeats); + snprintf(clientPlus, sizeof(clientPlus), "%s_%d", client, repeats); ret = cynara_check(cynar, client, session, user, privilege); printf("get ret [%d]: %s\n", ret, cystrerr(ret)); result += ret == CYNARA_API_ACCESS_ALLOWED ? 1 : -1;