From 900e6b07f4b9f44a69a81e9c5de189fda787f4f2 Mon Sep 17 00:00:00 2001
From: Dongkyun Son
Date: Tue, 7 Jun 2022 18:13:13 +0900
Subject: [PATCH] Fix [ASAN][BUG] heap-buffer-overflow in sdbd
Change-Id: I233898809080cce9915418a586873d9d65c7ea2b
Signed-off-by: Sungguk Na y
Signed-off-by: Dongkyun Son
(cherry picked from commit 126f0f6f90d20db82570936aa9241fbd0943bfdd)
---
 src/default_plugin_basic.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/default_plugin_basic.c b/src/default_plugin_basic.c
index 8d6a1f4..b311a45 100755
--- a/src/default_plugin_basic.c
+++ b/src/default_plugin_basic.c
@@ -383,7 +383,9 @@ int verify_handle_by_plugin ( parameters* in, parameters* out )
 }

 //the data contains the string sample-echo followed by space and then the user string, hence checking for space.
- if((in->array_of_parameter[0].v_string.data[11] == ' ')&&(!strncmp(in->array_of_parameter[0].v_string.data, "sample-echo", strlen("sample-echo")))) {
+ if((in->array_of_parameter[0].v_string.length >= 12) &&
+ (in->array_of_parameter[0].v_string.data[11] == ' ') &&
+ (!strncmp(in->array_of_parameter[0].v_string.data, "sample-echo", strlen("sample-echo")))) {
 out->array_of_parameter[0].type = type_int32;
 out->array_of_parameter[0].v_int32 = PLUGIN_RET_HANDLE;
 }
--
2.7.4
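Review bot: The added bound `length >= 12` and the index `data[11]` in the rewritten `if` are magic numbers that silently depend on `strlen("sample-echo")` being 11, so a later change to the prefix string would reopen the out-of-bounds read this patch closes. Deriving all three from one constant keeps them tied together, e.g. `static const char prefix[] = "sample-echo";` with `length >= sizeof(prefix)`, `data[sizeof(prefix) - 1] == ' '` and `strncmp(data, prefix, sizeof(prefix) - 1)`. The guard is also only as strong as `v_string.length`: the hunk does not show where that field is set, so it is worth confirming that it reflects the number of bytes actually allocated for `data` rather than a value the peer supplies independently. The body of `verify_handle_by_plugin` starts and ends outside the hunk, so any earlier NULL check on `data` is not visible here.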