From: JengHyun Kang <jhyuni.kang@samsung.com>
Date: Thu, 10 Aug 2017 12:49:50 +0000 (+0900)
Subject: check return value of getenv() is overflowed
X-Git-Tag: accepted/tizen/4.0/unified/20170828.221633^0
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fheads%2Ftizen_4.0;p=platform%2Fupstream%2Fxkeyboard-config.git

check return value of getenv() is overflowed

Change-Id: I253c6b0629126fddd8d3b8507f64b04c5267a1ef
---

diff --git a/cache/cache.c b/cache/cache.c
index 4b79281..c53d292 100644
--- a/cache/cache.c
+++ b/cache/cache.c
@@ -11,21 +11,44 @@
 #define STRLEN(s) (s ? strlen(s) : 0)
 #define STR(s) (s ? s : "")
 
+#define BUF_MAX 1024
+
 void parseKeymapFile(struct xkb_keymap *map)
 {
     FILE *file;
-    int res, keycode;
-    char *tmp, *ret, buf[1024] = {0, }, *keymap_path, *buf_ptr;;
+    int res, keycode, env_size;
+    char *tmp = NULL, *ret = NULL, buf[BUF_MAX] = {0, };
+    char *keymap_path = NULL, *buf_ptr = NULL, *env_temp = NULL;;
 
-    keymap_path = getenv("KEYMAP_FILE_PATH");
-    if (!keymap_path)
+    env_temp = getenv("KEYMAP_FILE_PATH");
+    if (!env_temp)
     {
         printf("There is no enviroment of keymap file path\n");
         return;
     }
 
+    env_size = strlen(env_temp);
+    if (env_size <=0 || env_size >= BUF_MAX)
+    {
+        printf("Invalid enviroment of keymap file path: string size(%d)\n", env_size);
+        return;
+    }
+
+    keymap_path = (char *)calloc(sizeof(char), env_size + 1);
+    if (!keymap_path)
+    {
+       printf("Failed to allocate memory for keymap_path(%d)\n", env_size+1);
+       return;
+    }
+
+    strncpy(keymap_path, env_temp, env_size);
+
     file = fopen(keymap_path, "r");
-    if (!file) return;
+    if (!file)
+    {
+       free(keymap_path);
+       return;
+    }
 
     while (!feof(file))
     {
@@ -60,31 +83,52 @@ void parseKeymapFile(struct xkb_keymap *map)
 
     fclose(file);
 
+    free(keymap_path);
     return;
 }
 
 void parseArgs(int argc, char **argv, struct xkb_rule_names *names)
 {
-    int i, res;
-    char *tmp, *rule_path;
-    FILE *file;
+    int i, res, env_size;
+    char *tmp = NULL, *rule_path = NULL, *env_temp = NULL;
+    FILE *file = NULL;
     char buf[1024] = {0, };
-    char *buf_ptr;
+    char *buf_ptr = NULL;
 
     if (argc < 2)
     {
-        rule_path = getenv("RULE_FILE_PATH");
+        env_temp = getenv("RULE_FILE_PATH");
 
-	if (!rule_path)
+	if (!env_temp)
         {
             printf("Failed to get RULE_FILE_PATH !\n");
             return;
         }
 
+        env_size = strlen(env_temp);
+        if (env_size <=0 || env_size >= BUF_MAX)
+        {
+            printf("Invalid enviroment of rule_path file path: string size(%d)\n", env_size);
+            return;
+        }
+
+        rule_path = (char *)calloc(sizeof(char), env_size + 1);
+        if (!rule_path)
+        {
+            printf("Failed to allocate memory for keymap_path(%d)\n", env_size+1);
+            return;
+        }
+
+        strncpy(rule_path, env_temp, env_size);
+
         printf("Cache file rule from %s file\n", rule_path);
 
         file = fopen(rule_path, "r");
-        if (!file) return;
+        if (!file)
+        {
+            free(rule_path);
+            return;
+        }
 
         while (!feof(file))
         {
@@ -162,6 +206,8 @@ void parseArgs(int argc, char **argv, struct xkb_rule_names *names)
             }
         }
     }
+
+    free(rule_path);
 }
 
 void checkRules(struct xkb_rule_names *names)