From: SeokHoon Lee Date: Tue, 7 Nov 2017 01:25:05 +0000 (+0900) Subject: Fix security issue X-Git-Tag: submit/tizen_3.0/20171107.061930^0 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fheads%2Ftizen_3.0;p=platform%2Fcore%2Fapi%2Fscreen-mirroring.git Fix security issue - strncpy doesn't set zero byte [Version] 0.1.64 [Profile] Common [Issue Type] Security issue [Issue#] SATIZENVUL-957 Signed-off-by: SeokHoon Lee Change-Id: I3e44b02d6237542f150babacb7474d5be2e5f9ca
---
diff --git a/miracast_server/miracast_server_impl.c b/miracast_server/miracast_server_impl.c
index aa0ccbd..6e69aa4 100644
--- a/miracast_server/miracast_server_impl.c
+++ b/miracast_server/miracast_server_impl.c
@@ -166,10 +166,11 @@ int __miracast_server_send_resp(MiracastServer *server, const gchar *cmd)
 {
 int ret = SCMIRRORING_ERROR_NONE;
 char *_cmd = NULL;
+ int _cmdLen = 0;
 int client_sock = -1;
- if (server == NULL) {
- scmirroring_error("OUT_OF_MEMORY");
+ if (server == NULL || cmd == NULL) {
+ scmirroring_error("Invaild server or cmd!");
 return SCMIRRORING_ERROR_INVALID_OPERATION;
 }
@@ -180,9 +181,13 @@ int __miracast_server_send_resp(MiracastServer *server, const gchar *cmd)
 }
 _cmd = g_strdup(cmd);
- _cmd[strlen(_cmd)] = '\0';
+ if (_cmd == NULL) {
+ scmirroring_error("Faild in g_strdup for cmd!");
+ return SCMIRRORING_ERROR_OUT_OF_MEMORY;
+ }
- if (write(client_sock, _cmd, strlen(_cmd) + 1) != ((int)(strlen(_cmd) + 1))) {
+ _cmdLen = strlen(_cmd) + 1;
+ if (write(client_sock, _cmd, _cmdLen) != _cmdLen) {
 char buf[255] = {0, };
 strerror_r(errno, buf, sizeof(buf));
 scmirroring_error("sendto failed [%s]", buf);
diff --git a/packaging/capi-media-screen-mirroring.spec b/packaging/capi-media-screen-mirroring.spec
index cb831be..dab1c27 100644
--- a/packaging/capi-media-screen-mirroring.spec
+++ b/packaging/capi-media-screen-mirroring.spec
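Review bot: The widened guard `if (server == NULL || cmd == NULL)` still returns `SCMIRRORING_ERROR_INVALID_OPERATION` on the unchanged line below it, while the same NULL-argument case in `__scmirroring_src_send_cmd_to_server` (src/scmirroring_src.c) returns `SCMIRRORING_ERROR_INVALID_PARAMETER`; unless callers depend on the old code, `return SCMIRRORING_ERROR_INVALID_PARAMETER;` would keep the two senders consistent. The new log text is misspelled and would read better as `scmirroring_error("Invalid server or cmd");`. `int _cmdLen` holds a `strlen()` result that is later compared with the `ssize_t` returned by `write()`, so declaring it `ssize_t` (or `size_t` with a cast at the comparison) avoids the narrowing conversion; the same declaration appears in the src/scmirroring_src.c hunk. The function body continues outside this hunk.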
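Review bot: The rewritten check `if (write(client_sock, _cmd, _cmdLen) != _cmdLen)` still treats a short write like a failed one, and a short write does not set `errno`, so the `strerror_r(errno, ...)` text in the following context lines can describe an unrelated earlier error. Capturing the result with `ssize_t n = write(client_sock, _cmd, _cmdLen);` and handling `n < 0` (log `errno`, ideally retrying on `EINTR`) separately from `n != _cmdLen` (log the short count or write the remainder) would make the failure report accurate; the identical pattern is in the src/scmirroring_src.c hunk. The added `_cmd == NULL` branch looks unreachable, since `g_strdup()` returns NULL only for a NULL argument and `cmd` is already checked; with the no-op terminator line removed, nothing visible here needs the copy, so writing `cmd` directly would drop the allocation, provided `_cmd` is not used after the hunk. Whether `_cmd` is freed on the error path cannot be seen, because the `if` body runs past the end of the hunk.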
@@ -1,6 +1,6 @@
 Name: capi-media-screen-mirroring
 Summary: A screen mirroring library in Tizen C API
-Version: 0.1.63
+Version: 0.1.64
 Release: 0
 Group: Multimedia/API
 License: Apache-2.0
diff --git a/src/scmirroring_src.c b/src/scmirroring_src.c
index 3f5ed4d..00f65fe 100644
--- a/src/scmirroring_src.c
+++ b/src/scmirroring_src.c
@@ -64,14 +64,19 @@ static int __scmirroring_src_send_cmd_to_server(scmirroring_src_s *scmirroring,
 {
 int ret = SCMIRRORING_ERROR_NONE;
 char *_cmd = NULL;
+ int _cmdLen = 0;
 scmirroring_retvm_if(scmirroring == NULL, SCMIRRORING_ERROR_INVALID_PARAMETER, "scmirroring is NULL");
 scmirroring_retvm_if(cmd == NULL, SCMIRRORING_ERROR_INVALID_PARAMETER, "cmd is NULL");
 _cmd = g_strdup(cmd);
- _cmd[strlen(_cmd)] = '\0';
+ if (_cmd == NULL) {
+ scmirroring_error("Out of memory for command buffer");
+ return SCMIRRORING_ERROR_OUT_OF_MEMORY;
+ }
- if (write(scmirroring->sock, _cmd, strlen(_cmd) + 1) != (signed int) strlen(_cmd) + 1) {
+ _cmdLen = strlen(_cmd) + 1;
+ if (write(scmirroring->sock, _cmd, _cmdLen) != _cmdLen) {
 char buf[255] = {0, };
 strerror_r(errno, buf, sizeof(buf));
 scmirroring_error("sendto failed [%s]", buf);