From d14cc1c6747a4dccbff1edcadc80aba07de57687 Mon Sep 17 00:00:00 2001
From: Jiwoong Im <jiwoong.im@samsung.com>
Date: Wed, 26 Jul 2017 17:51:21 +0900
Subject: [PATCH] Add null check when calling strdup

Change-Id: I403ff90be685feddc7108fa977283c77d0e05cb1
Signed-off-by: Jiwoong Im <jiwoong.im@samsung.com>
---
 src/message-port.c | 39 ++++++++++++++++++++++++++++-----------
 1 file changed, 28 insertions(+), 11 deletions(-)

diff --git a/src/message-port.c b/src/message-port.c
index 9933467..3e6525b 100755
--- a/src/message-port.c
+++ b/src/message-port.c
@@ -551,6 +551,10 @@ static int __get_remote_port_info(const char *remote_app_id, const char *remote_
 	*mri = remote_app_info;
 
 	port_info.port_name = strdup(remote_port);
+	if (port_info.port_name == NULL) {
+		ret_val = MESSAGEPORT_ERROR_OUT_OF_MEMORY;
+		goto out;
+	}
 	port_info.is_trusted = is_trusted;
 	cb_list = g_list_find_custom(remote_app_info->port_list, &port_info,
 					(GCompareFunc)__remote_port_compare_cb);
@@ -890,7 +894,7 @@ static bool send_message(GVariant *parameters, GDBusMethodInvocation *invocation
 	bundle_raw *raw = NULL;
 	message_port_local_port_info_s *mi;
 	int local_reg_id = 0;
-	message_port_callback_info_s *callback_info;
+	message_port_callback_info_s *callback_info = NULL;
 	message_port_callback_info_s *head_callback_info;
 	GList *callback_info_list = NULL;
 
@@ -900,6 +904,7 @@ static bool send_message(GVariant *parameters, GDBusMethodInvocation *invocation
 	int fd_len;
 	int *returned_fds = NULL;
 	int fd;
+	bool ret = false;
 
 	g_variant_get(parameters, "(&s&sbb&s&sbu&s)", &local_appid, &local_port, &local_trusted, &bi_dir,
 			&remote_appid, &remote_port, &remote_trusted, &len, &raw);
@@ -957,6 +962,10 @@ static bool send_message(GVariant *parameters, GDBusMethodInvocation *invocation
 
 	callback_info->local_id = mi->local_id;
 	callback_info->remote_app_id = strdup(local_appid);
+	if (callback_info->remote_app_id == NULL) {
+		_LOGE("out of memory");
+		goto out;
+	}
 	callback_info->callback = mi->callback;
 
 	msg = g_dbus_method_invocation_get_message(invocation);
@@ -967,8 +976,7 @@ static bool send_message(GVariant *parameters, GDBusMethodInvocation *invocation
 		returned_fds = g_unix_fd_list_steal_fds(fd_list, &fd_len);
 		if (returned_fds == NULL) {
 			_LOGE("fail to get fds");
-			__callback_info_free(callback_info);
-			return false;
+			goto out;
 		}
 		fd = returned_fds[0];
 
@@ -978,16 +986,14 @@ static bool send_message(GVariant *parameters, GDBusMethodInvocation *invocation
 			callback_info->gio_read = g_io_channel_unix_new(fd);
 			if (!callback_info->gio_read) {
 				_LOGE("Error is %s\n", strerror_r(errno, buf, sizeof(buf)));
-				__callback_info_free(callback_info);
-				return false;
+				goto out;
 			}
 
 			callback_info->g_src_id = g_io_add_watch(callback_info->gio_read, G_IO_IN | G_IO_HUP,
 					__socket_request_handler, (gpointer)callback_info);
 			if (callback_info->g_src_id == 0) {
 				_LOGE("fail to add watch on socket");
-				__callback_info_free(callback_info);
-				return false;
+				goto out;
 			}
 
 			callback_info_list = g_hash_table_lookup(__callback_info_hash, GUINT_TO_POINTER(mi->local_id));
@@ -995,8 +1001,7 @@ static bool send_message(GVariant *parameters, GDBusMethodInvocation *invocation
 				head_callback_info = (message_port_callback_info_s *)calloc(1, sizeof(message_port_callback_info_s));
 				if (head_callback_info == NULL) {
 					_LOGE("fail to alloc head_callback_info");
-					__callback_info_free(callback_info);
-					return false;
+					goto out;
 				}
 				head_callback_info->local_id = 0;
 				head_callback_info->remote_app_id = NULL;
@@ -1024,11 +1029,16 @@ static bool send_message(GVariant *parameters, GDBusMethodInvocation *invocation
 	else
 		mi->callback(mi->local_id, local_appid, NULL, false, data, NULL);
 	bundle_free(data);
+
+	ret = true;
 out:
+	if (ret == false)
+		__callback_info_free(callback_info);
+
 	if (returned_fds)
 		free(returned_fds);
 
-	return true;
+	return ret;
 }
 
 static int __check_remote_port(const char *remote_app_id, const char *remote_port, bool is_trusted, bool *exist)
@@ -1157,6 +1167,7 @@ static bool __check_sender_validation(GVariant *parameters, const char *sender,
 	char *local_appid = NULL;
 	int pid = __get_sender_pid(conn, sender);
 	int *watcher_id = (int *)calloc(1, sizeof(int));
+	char *_sender;
 	retvm_if(!watcher_id, false, "Malloc failed");
 
 	ret = aul_app_get_appid_bypid(pid, buffer, sizeof(buffer));
@@ -1175,7 +1186,13 @@ static bool __check_sender_validation(GVariant *parameters, const char *sender,
 
 	if (strncmp(buffer, local_appid, MAX_PACKAGE_STR_SIZE) == 0) {
 		_LOGD("insert sender !!!!! %s", sender);
-		g_hash_table_insert(__sender_appid_hash, (gpointer)strdup(sender), GINT_TO_POINTER(pid));
+		_sender = strdup(sender);
+		if (_sender == NULL) {
+			_LOGE("out of memory");
+			free(watcher_id);
+			return false;
+		}
+		g_hash_table_insert(__sender_appid_hash, (gpointer)_sender, GINT_TO_POINTER(pid));
 		*watcher_id = g_bus_watch_name_on_connection(
 					__gdbus_conn,
 					sender,
-- 
2.7.4