From: Hyunbin Lee Date: Thu, 24 Oct 2013 01:56:37 +0000 (+0900) Subject: Avoid the possibility of buffer overflow X-Git-Tag: 2.2.1_release X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Ftags%2F2.2.1_release;p=framework%2Fosp%2Fenv-config.git Avoid the possibility of buffer overflow Change-Id: I7394946366ace1d4fbc679824ee26b47143c816c Signed-off-by: Hyunbin Lee --- diff --git a/src/osp-env-config.c b/src/osp-env-config.c index 5a93678..3030303 100644 --- a/src/osp-env-config.c +++ b/src/osp-env-config.c @@ -51,9 +51,10 @@ #define _SECURE_LOGE(...) #endif -static const char _OSP_COMPAT_SHARED_PATH[] = "/opt/usr/share/.osp-compat/\0"; -static const char _EXT_OSP_HOME_PATH[] = "/opt/storage/sdcard/osp/\0"; +static const char _OSP_COMPAT_SHARED_PATH[] = "/opt/usr/share/.osp-compat/"; +static const char _EXT_OSP_HOME_PATH[] = "/opt/storage/sdcard/osp/"; static const char OSP_COMPAT_LIB[] = "/usr/lib/osp/libosp-compat.so"; +static const int MAX_PACKAGE_ID = NAME_MAX; struct _path_info { @@ -80,9 +81,18 @@ get_app_rootpath_from_path(const char* bin_path) /* e.g., The specified bin_path is "/opt/apps/com.samsung.basicapp/bin/basicapp" */ length = strlen(bin_path); + if (length > (PATH_MAX - 1)) + { + LOGE("bin path (%s) is too long", bin_path); + return NULL; + } + app_rootpath = (char *)malloc(length + 1); if(app_rootpath == NULL) + { + LOGE("malloc() failed, errno: %d (%s)", errno, strerror(errno)); return NULL; + } memset(app_rootpath, '\0', length + 1); strncpy(app_rootpath, bin_path, length); 
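Review bot: In get_app_rootpath_from_path the new `LOGE("bin path (%s) is too long", bin_path)` writes a caller-supplied string of PATH_MAX bytes or more to the ordinary log, although do_pre_exec later in this patch logs the same path only through `_SECURE_LOGI`. Logging the length is enough to diagnose the rejection, for example `LOGE("bin path is too long (%zu bytes)", strlen(bin_path));`. The function body starts and ends outside the hunk, so whether bin_path is checked for NULL before the `strlen()` call cannot be seen here.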
@@ -268,14 +278,14 @@ mount_osp_internal_paths(const char* app_rootpath, const char* pkgid) strncpy(osp_share_pkgid_path, _OSP_COMPAT_SHARED_PATH, strlen(_OSP_COMPAT_SHARED_PATH)); strncat(osp_share_pkgid_path, "share/", 6); - strncat(osp_share_pkgid_path, pkgid, strlen(pkgid)); + strncat(osp_share_pkgid_path, pkgid, MAX_PACKAGE_ID); strncpy(osp_share2_pkgid_path, _OSP_COMPAT_SHARED_PATH, strlen(_OSP_COMPAT_SHARED_PATH)); strncat(osp_share2_pkgid_path, "share2/", 7); - strncat(osp_share2_pkgid_path, pkgid, strlen(pkgid)); + strncat(osp_share2_pkgid_path, pkgid, MAX_PACKAGE_ID); - strncpy(mount_info[0].src_path, osp_share_pkgid_path, strlen(osp_share_pkgid_path)); - strncpy(mount_info[1].src_path, osp_share2_pkgid_path, strlen(osp_share2_pkgid_path)); + strncpy(mount_info[0].src_path, osp_share_pkgid_path, PATH_MAX - 1); + strncpy(mount_info[1].src_path, osp_share2_pkgid_path, PATH_MAX - 1); if (chdir(app_rootpath) != 0) { 
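Review bot: `strncat(osp_share_pkgid_path, pkgid, MAX_PACKAGE_ID)` limits how many bytes are read from pkgid, not how much room is left in the destination, and a pkgid longer than NAME_MAX is silently cut, so the mount source would name a different directory than the package's own. Rejecting an over-long id before any path is built (`if (strlen(pkgid) > MAX_PACKAGE_ID)` with an error return) and building each path with `snprintf(osp_share_pkgid_path, sizeof(osp_share_pkgid_path), "%sshare/%s", _OSP_COMPAT_SHARED_PATH, pkgid)` plus a truncation check would close both gaps, assuming the destination is a local array. The `strncpy(mount_info[0].src_path, ..., PATH_MAX - 1)` calls zero-pad up to PATH_MAX - 1 bytes, which is only safe if src_path holds at least PATH_MAX bytes; its declaration is outside the diff, so `sizeof(mount_info[0].src_path) - 1` is the bound that cannot go stale. The same two patterns recur in the create_osp_external_paths and mount_osp_external_paths hunks, and this function's body continues outside the hunk.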
@@ -406,27 +416,27 @@ create_osp_external_paths(const char* app_rootpath, const char* pkgid) strncpy(osp_ext_apps_pkgid_path, _EXT_OSP_HOME_PATH, strlen(_EXT_OSP_HOME_PATH)); strncat(osp_ext_apps_pkgid_path, "apps/", 5); - strncat(osp_ext_apps_pkgid_path, pkgid, strlen(pkgid)); + strncat(osp_ext_apps_pkgid_path, pkgid, MAX_PACKAGE_ID); - strncpy(osp_ext_apps_pkgid_share_path, osp_ext_apps_pkgid_path, strlen(osp_ext_apps_pkgid_path)); + strncpy(osp_ext_apps_pkgid_share_path, osp_ext_apps_pkgid_path, PATH_MAX - 1); strncat(osp_ext_apps_pkgid_share_path, "/Share", 6); - strncpy(osp_ext_apps_pkgid_share2_path, osp_ext_apps_pkgid_path, strlen(osp_ext_apps_pkgid_path)); + strncpy(osp_ext_apps_pkgid_share2_path, osp_ext_apps_pkgid_path, PATH_MAX - 1); strncat(osp_ext_apps_pkgid_share2_path, "/Share2", 7); strncpy(osp_ext_share_pkgid_path, _EXT_OSP_HOME_PATH, strlen(_EXT_OSP_HOME_PATH)); strncat(osp_ext_share_pkgid_path, "share/", 6); - strncat(osp_ext_share_pkgid_path, pkgid, strlen(pkgid)); + strncat(osp_ext_share_pkgid_path, pkgid, MAX_PACKAGE_ID); strncpy(osp_ext_share2_pkgid_path, _EXT_OSP_HOME_PATH, strlen(_EXT_OSP_HOME_PATH)); strncat(osp_ext_share2_pkgid_path, "share2/", 7); - strncat(osp_ext_share2_pkgid_path, pkgid, strlen(pkgid)); + strncat(osp_ext_share2_pkgid_path, pkgid, MAX_PACKAGE_ID); - strncpy(external_dirs[7].path, osp_ext_apps_pkgid_path, strlen(osp_ext_apps_pkgid_path)); - strncpy(external_dirs[8].path, osp_ext_apps_pkgid_share_path, strlen(osp_ext_apps_pkgid_share_path)); - strncpy(external_dirs[9].path, osp_ext_apps_pkgid_share2_path, strlen(osp_ext_apps_pkgid_share2_path)); - strncpy(external_dirs[10].path, osp_ext_share_pkgid_path, strlen(osp_ext_share_pkgid_path)); - strncpy(external_dirs[11].path, osp_ext_share2_pkgid_path, strlen(osp_ext_share2_pkgid_path)); + strncpy(external_dirs[7].path, osp_ext_apps_pkgid_path, PATH_MAX - 1); + strncpy(external_dirs[8].path, osp_ext_apps_pkgid_share_path, PATH_MAX - 1); + strncpy(external_dirs[9].path, 
osp_ext_apps_pkgid_share2_path, PATH_MAX - 1); + strncpy(external_dirs[10].path, osp_ext_share_pkgid_path, PATH_MAX - 1); + strncpy(external_dirs[11].path, osp_ext_share2_pkgid_path, PATH_MAX - 1); if (chdir(app_rootpath) != 0) { @@ -466,19 +476,19 @@ mount_osp_external_paths(const char* app_rootpath, const char* pkgid) strncpy(osp_ext_apps_pkgid_path, _EXT_OSP_HOME_PATH, strlen(_EXT_OSP_HOME_PATH)); strncat(osp_ext_apps_pkgid_path, "apps/", 5); - strncat(osp_ext_apps_pkgid_path, pkgid, strlen(pkgid)); + strncat(osp_ext_apps_pkgid_path, pkgid, MAX_PACKAGE_ID); strncpy(osp_ext_share_pkgid_path, _EXT_OSP_HOME_PATH, strlen(_EXT_OSP_HOME_PATH)); strncat(osp_ext_share_pkgid_path, "share/", 6); - strncat(osp_ext_share_pkgid_path, pkgid, strlen(pkgid)); + strncat(osp_ext_share_pkgid_path, pkgid, MAX_PACKAGE_ID); strncpy(osp_ext_share2_pkgid_path, _EXT_OSP_HOME_PATH, strlen(_EXT_OSP_HOME_PATH)); strncat(osp_ext_share2_pkgid_path, "share2/", 7); - strncat(osp_ext_share2_pkgid_path, pkgid, strlen(pkgid)); + strncat(osp_ext_share2_pkgid_path, pkgid, MAX_PACKAGE_ID); - strncpy(mount_info[3].src_path, osp_ext_apps_pkgid_path, strlen(osp_ext_apps_pkgid_path)); - strncpy(mount_info[4].src_path, osp_ext_share_pkgid_path, strlen(osp_ext_share_pkgid_path)); - strncpy(mount_info[5].src_path, osp_ext_share2_pkgid_path, strlen(osp_ext_share2_pkgid_path)); + strncpy(mount_info[3].src_path, osp_ext_apps_pkgid_path, PATH_MAX - 1); + strncpy(mount_info[4].src_path, osp_ext_share_pkgid_path, PATH_MAX - 1); + strncpy(mount_info[5].src_path, osp_ext_share2_pkgid_path, PATH_MAX - 1); if (chdir(app_rootpath) != 0) { 
@@ -636,31 +646,30 @@ ERROR: } int -do_pre_exec(const char* package_name, const char* bin_path) +do_pre_exec(const char* app_id, const char* bin_path) { char* app_rootpath = NULL; char app_compat_path[PATH_MAX] = { 0, }; - const char app_compat_file[] = "/info/compat.info\0"; - char osp_app_data_path[PATH_MAX] = { 0, }; + const char app_compat_file[] = "/info/compat.info"; + char app_data_path[PATH_MAX] = { 0, }; int osp_compat = 0; - _SECURE_LOGI("do_pre_exec() is called, app name: %s, binary path: %s", package_name, bin_path); - app_rootpath = get_app_rootpath_from_path(bin_path); - strncpy(app_compat_path, app_rootpath, strlen(app_rootpath)); + strncpy(app_compat_path, app_rootpath, PATH_MAX - 1); strncat(app_compat_path, app_compat_file, strlen(app_compat_file)); if (access(app_compat_path, F_OK) == 0) { osp_compat = 1; } - appinfo_init(package_name, 0); + appinfo_init(app_id, 0); appinfo_set_compat(osp_compat); const char* package_id = appinfo_get_packageid(); - _SECURE_LOGI("package id: %s, binary path: %s, OSP compat: %d", package_id, bin_path, osp_compat); + _SECURE_LOGI("do_pre_exec() is called, bin path: %s, app root: %s, app id: %s, pkg id: %s, osp-compatible: %d", + bin_path, app_rootpath, app_id, package_id, osp_compat); // FIXME: Temporary code with security risk prctl(PR_SET_KEEPCAPS, 1); @@ -674,7 +683,7 @@ do_pre_exec(const char* package_name, const char* bin_path) char virtual_root_file[PATH_MAX] = { 0, }; const char virtual_root_info[] = "/info/virtualroot.info"; - strncpy(virtual_root_file, app_rootpath, strlen(app_rootpath)); + strncpy(virtual_root_file, app_rootpath, PATH_MAX - 1); strncat(virtual_root_file, virtual_root_info, strlen(virtual_root_info)); if (access(virtual_root_file, F_OK) == 0) { 
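Review bot: `app_rootpath` is passed to `strncpy()` straight after `get_app_rootpath_from_path(bin_path)`, which this same commit teaches to return NULL for an over-long path, so a long bin_path now ends in a NULL dereference in do_pre_exec. Separately, `strncat(app_compat_path, app_compat_file, strlen(app_compat_file))` is bounded by the suffix length rather than by the space left in the PATH_MAX buffer, so a root path close to PATH_MAX - 1 bytes can still overrun it. The `virtual_root_file` hunk that follows and the `app_data_path` hunk at -706 have the same shape. The sketch below checks the pointer and builds the path with a size-checked `snprintf()`; it assumes the function's existing `ERROR` label is the right failure exit, which cannot be confirmed from the hunk.

```c
    app_rootpath = get_app_rootpath_from_path(bin_path);
    if (app_rootpath == NULL)
    {
        LOGE("get_app_rootpath_from_path() failed");
        goto ERROR;
    }

    int compat_len = snprintf(app_compat_path, sizeof(app_compat_path), "%s%s", app_rootpath, app_compat_file);
    if (compat_len < 0 || (size_t)compat_len >= sizeof(app_compat_path))
    {
        LOGE("compat info path is too long");
        goto ERROR;
    }
    /* … unchanged: access() check, appinfo_init(), logging … */
```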
@@ -706,12 +715,12 @@ do_pre_exec(const char* package_name, const char* bin_path) // API version is equal to or greater than Tizen 2.0 // Set current working dir to "/opt/apps/{pkgId}/data" - strncpy(osp_app_data_path, app_rootpath, strlen(app_rootpath)); - strncat(osp_app_data_path, "/data", strlen("/data")); + strncpy(app_data_path, app_rootpath, PATH_MAX - 1); + strncat(app_data_path, "/data", strlen("/data")); - if (chdir(osp_app_data_path) != 0) + if (chdir(app_data_path) != 0) { - LOGE("chdir() failed, path: %s, errno: %d (%s)", osp_app_data_path, errno, strerror(errno)); + LOGE("chdir() failed, path: %s, errno: %d (%s)", app_data_path, errno, strerror(errno)); goto ERROR; }