From a5286c9892b596386a1f569212b4bfba0e5ab209 Mon Sep 17 00:00:00 2001
From: Seonah Moon
Date: Mon, 9 Aug 2021 19:03:36 +0900
Subject: [PATCH] Fix NULL pointer dereference
Change-Id: I9d2cf34fc9e924da5dec01d5229c4b7532b35f48
---
 agent/download-agent-http-mgr.c | 7 +++++++
 provider/download-provider-db.c | 26 +++++++++++++++++++-------
 2 files changed, 26 insertions(+), 7 deletions(-)
diff --git a/agent/download-agent-http-mgr.c b/agent/download-agent-http-mgr.c
index f048687..ddb5286 100755
--- a/agent/download-agent-http-mgr.c
+++ b/agent/download-agent-http-mgr.c
@@ -1132,6 +1132,13 @@ static proxy_info_t *__get_proxy_info()
 if (found) {
 size_t userinfo_len = strlen(proxy_uri) - strlen(found);
 char *userinfo = strndup(proxy_uri, userinfo_len);
+ if (!userinfo) {
+ DA_LOGE("Failed to copy proxy_uri to userinfo");
+ free(proxy_info);
+ free(proxy_uri);
+ return DA_NULL;
+ }
+
 if (strstr(userinfo, SCHEME_DELIMETER))
 sscanf(userinfo, "%7[^:/]://%255[^:]:%255s", scheme, user_name, password);
 else
diff --git a/provider/download-provider-db.c b/provider/download-provider-db.c
index fdf9de9..61a27d6 100755
--- a/provider/download-provider-db.c
+++ b/provider/download-provider-db.c
@@ -1204,10 +1204,16 @@ int dp_db_get_cond_string(void *handle, const char *table, char *wherecolumn, co
 if (getbytes > 0) {
 unsigned char *getstr = (unsigned char *)calloc(getbytes + 1, sizeof(unsigned char));
 if (getstr != NULL) {
- memcpy(getstr, sqlite3_column_text(stmt, 0), getbytes * sizeof(unsigned char));
- getstr[getbytes] = '\0';
- *value = getstr;
- *length = getbytes;
+ const unsigned char *txt = sqlite3_column_text(stmt, 0);
+ if (txt) {
+ memcpy(getstr, txt, getbytes * sizeof(unsigned char));
+ getstr[getbytes] = '\0';
+ *value = getstr;
+ *length = getbytes;
+ } else {
+ TRACE_ERROR("sqlite3_column_txt() returns NULL");
+ *error = DP_ERROR_NO_DATA;
+ }
 } else {
 TRACE_ERROR("check available system memory");
 *error = DP_ERROR_OUT_OF_MEMORY;
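Review bot: The `sscanf()` that follows the new NULL guard in `__get_proxy_info()` still discards its return value, so a userinfo that does not match `scheme://user:password` leaves `user_name` or `password` in whatever state they were declared with; those declarations and the `else` branch are outside the hunk. Capture the conversion count, e.g. `int n = sscanf(userinfo, "%7[^:/]://%255[^:]:%255s", scheme, user_name, password);`, and handle a short match explicitly rather than continuing with half-parsed proxy credentials. The field widths 7 and 255 must stay one less than the destination buffer sizes, which are not visible here, so a short comment next to the format string stating that would help the next maintainer.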
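Review bot: The new `else` branch for a NULL `sqlite3_column_text()` result in `dp_db_get_cond_string()` leaks `getstr`: the buffer was just allocated with `calloc()` and is neither stored in `*value` nor freed before the error is recorded. Add `free(getstr);` before `*error = DP_ERROR_NO_DATA;`, or fetch `txt` before allocating so nothing needs releasing on that path. The blob branch in the next hunk (`@@ -1221,9 +1227,15 @@`) has the same leak when `sqlite3_column_blob()` returns NULL. The log string also says `sqlite3_column_txt()` where the function is `sqlite3_column_text()`, which makes the message harder to grep for.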
@@ -1221,9 +1227,15 @@ int dp_db_get_cond_string(void *handle, const char *table, char *wherecolumn, co
 if (getbytes > 0) {
 unsigned char *getstr = (unsigned char *)calloc(getbytes, sizeof(unsigned char));
 if (getstr != NULL) {
- memcpy(getstr, sqlite3_column_blob(stmt, 0), getbytes * sizeof(unsigned char));
- *value = getstr;
- *length = getbytes;
+ const void *blob = sqlite3_column_blob(stmt, 0);
+ if (blob) {
+ memcpy(getstr, blob, getbytes * sizeof(unsigned char));
+ *value = getstr;
+ *length = getbytes;
+ } else {
+ TRACE_ERROR("sqlite3_column_blob() returns NULL");
+ *error = DP_ERROR_OUT_OF_MEMORY;
+ }
 } else {
 TRACE_ERROR("check available system memory");
 *error = DP_ERROR_OUT_OF_MEMORY;
--
2.7.4
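Review bot: A NULL result from `sqlite3_column_blob()` is reported here as `DP_ERROR_OUT_OF_MEMORY`, while the text branch in the previous hunk reports the equivalent condition as `DP_ERROR_NO_DATA`, so callers cannot interpret the two cases consistently. Pick one code for both branches, e.g. `*error = DP_ERROR_NO_DATA;`, or add a comment explaining why the blob case is treated as an allocation failure. `getbytes` is computed outside the hunk, presumably from `sqlite3_column_bytes()`; SQLite's documentation advises calling `sqlite3_column_blob()` or `sqlite3_column_text()` first and taking the byte count afterwards, so it is worth confirming that the length passed to `memcpy()` still matches the buffer the pointer refers to.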