From 31472ebf0024fc84e562c1afad933659703ec51b Mon Sep 17 00:00:00 2001
From: Sunmin Lee <sunm.lee@samsung.com>
Date: Wed, 14 Dec 2016 12:51:31 +0900
Subject: [PATCH] crash-manager: make secure program

- Use secure function (strncat)
- Prevent buffer overrun

Change-Id: I47acf1bb39c0be123a486116f811b78f30d6ff01
Signed-off-by: Sunmin Lee <sunm.lee@samsung.com>
---
 src/crash-manager/crash-manager.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/crash-manager/crash-manager.c b/src/crash-manager/crash-manager.c
index a80b3f6..a61f063 100644
--- a/src/crash-manager/crash-manager.c
+++ b/src/crash-manager/crash-manager.c
@@ -424,14 +424,16 @@ static void dump_system_state(void)
 
 static void execute_crash_modules(int argc, char *argv[], int debug)
 {
-	int ret, i;
+	int ret, i, length;
 	char arg_append[PATH_MAX];
 	char command[PATH_MAX];
 
+	length = 0;
 	arg_append[0] = '\0';
-	for (i = 1; i < argc; i++) {
-		strcat(arg_append, argv[i]);
-		strcat(arg_append, " ");
+	for (i = 1; i < argc && length + strlen(argv[i]) + 1 < PATH_MAX; i++) {
+		strncat(arg_append, argv[i], strlen(argv[i]));
+		strncat(arg_append, " ", 1);
+		length += strlen(argv[i]) + 1;
 	}
 
 	/* Execute crash-pipe */
-- 
2.7.4