From 0daa3f12e5893f405538f1df45483d6bb8b39e42 Mon Sep 17 00:00:00 2001
From: Vitaliy Cherepanov
Date: Tue, 12 May 2015 14:56:43 +0300
Subject: [PATCH] [FIX] prevent issues

|--------|------------------------------|-----------|------------|
| CID | Type | File | Function |
|--------|------------------------------|-----------|------------|
| 377075 | Dereference after null check | da_inst.c | new_app |
| 373010 | Resource leak | da_inst.c | new_app |
| 351955 | Untrusted value as argument | threads.c | recvThread |
|--------|------------------------------|-----------|------------|

Change-Id: Ie97fd82c6f56fb1c05cd837fb251e681c70fdf86
Signed-off-by: Vitaliy Cherepanov
---
 daemon/da_inst.c | 2 +-
 daemon/threads.c | 8 ++++++--
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/daemon/da_inst.c b/daemon/da_inst.c
index ac462b3..fa5d2ad 100644
--- a/daemon/da_inst.c
+++ b/daemon/da_inst.c
@@ -144,7 +144,7 @@ struct app_list_t *new_app(void)
 struct app_list_t *app = NULL;
 app = (struct app_list_t *)new_data();
- if (app = NULL) {
+ if (app == NULL) {
 LOGE("cannot create app\n");
 goto exit_fail;
 }
diff --git a/daemon/threads.c b/daemon/threads.c
index fd2c188..8a16e96 100644
--- a/daemon/threads.c
+++ b/daemon/threads.c
@@ -180,8 +180,12 @@ static void* recvThread(void* data)
 if (chsmack(file_name) == 0) {
 /* exctract probe message */
- file_name += strnlen(file_name, PATH_MAX) + 1;
- struct msg_data_t *msg_data = (struct msg_data_t *)file_name;
+ size_t file_name_len = strnlen(file_name, PATH_MAX) + 1;
+ struct msg_data_t *msg_data = (struct msg_data_t *)(file_name + file_name_len);
+ if (log.length != file_name_len + sizeof(*msg_data) + msg_data->len) {
+ LOGE("malformed packet ignored\n");
+ continue;
+ }
 if (write_to_buf(msg_data) != 0)
 LOGE("write to buf fail\n");
 } else {
-- 
2.7.4
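Review bot: The new length check in recvThread reads `msg_data->len` before anything confirms that the `msg_data_t` header lies inside the `log.length` bytes that were received, so a packet whose file name is unterminated or fills the whole payload still has its header read from beyond the received data. The sum `file_name_len + sizeof(*msg_data) + msg_data->len` may also wrap if the operands are 32-bit (their types are not visible in the hunk), which would let an oversized `len` satisfy the equality. Checking that the header fits first, and then comparing `len` with the remaining byte count by subtraction, avoids both; this assumes `log.length` is an unsigned count of the bytes starting at `file_name`. The enclosing loop starts and ends outside the hunk, so whether `continue` skips any per-iteration cleanup should be confirmed there.

```c
size_t file_name_len = strnlen(file_name, PATH_MAX) + 1;
/* the header must lie inside the received bytes before msg_data->len is read */
if (log.length < file_name_len ||
    log.length - file_name_len < sizeof(struct msg_data_t)) {
	LOGE("malformed packet ignored\n");
	continue;
}
struct msg_data_t *msg_data = (struct msg_data_t *)(file_name + file_name_len);
/* the subtraction cannot wrap after the check above */
if (msg_data->len != log.length - file_name_len - sizeof(*msg_data)) {
	LOGE("malformed packet ignored\n");
	continue;
}
/* … unchanged: write_to_buf(msg_data) call … */
```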