From dc6483cdf81b9518635f71ae69efcbfd543315b2 Mon Sep 17 00:00:00 2001
From: Junghyun Yeon <jungh.yeon@samsung.com>
Date: Wed, 1 Jul 2020 11:13:45 +0900
Subject: [PATCH] Add checking return values of snprintf

Change-Id: If38a743334fda4f7f8b697ff9f24ce1531caa6b4
Signed-off-by: Junghyun Yeon <jungh.yeon@samsung.com>
---
 plugin/app2sd/server/app2sd_internals.c | 33 ++++++++++++++++++++++++++-------
 1 file changed, 26 insertions(+), 7 deletions(-)

diff --git a/plugin/app2sd/server/app2sd_internals.c b/plugin/app2sd/server/app2sd_internals.c
index a98102d..c093ece 100644
--- a/plugin/app2sd/server/app2sd_internals.c
+++ b/plugin/app2sd/server/app2sd_internals.c
@@ -184,15 +184,23 @@ int _app2sd_dmcrypt_open_device(const char *pkgid, const char *loopback_device,
 
 	if (_app2sd_check_is_luks_device(loopback_device) == 0) {
 		_W("legacy image format!");
-		snprintf(dmcrypt_open_cmd, sizeof(dmcrypt_open_cmd),
+		ret = snprintf(dmcrypt_open_cmd, sizeof(dmcrypt_open_cmd),
 				"/bin/echo '%s' | /sbin/cryptsetup "
 				"-M plain -c aes-cbc-plain -h plain open %s %s",
 				passwd, loopback_device, dev_name);
+		if (ret < 0 || ret > sizeof(dmcrypt_open_cmd)) {
+			_E("snprintf fail\n");
+			return -1;
+		}
 	} else {
-		snprintf(dmcrypt_open_cmd, sizeof(dmcrypt_open_cmd),
+		ret = snprintf(dmcrypt_open_cmd, sizeof(dmcrypt_open_cmd),
 				"/bin/echo '%s' | /sbin/cryptsetup -q luksOpen "
 				"%s %s",
 				passwd, loopback_device, dev_name);
+		if (ret < 0 || ret > sizeof(dmcrypt_open_cmd)) {
+			_E("snprintf fail\n");
+			return -1;
+		}
 	}
 	free(passwd);
 
@@ -209,9 +217,12 @@ int _app2sd_dmcrypt_open_device(const char *pkgid, const char *loopback_device,
 		_E("memory alloc failed");
 		return APP2EXT_ERROR_OPEN_DMCRYPT_DEVICE;
 	}
-	snprintf(*dev_node, size, "/dev/mapper/%s", dev_name);
-
-	return ret;
+	ret = snprintf(*dev_node, size, "/dev/mapper/%s", dev_name);
+	if (ret < 0 || ret > size) {
+			_E("snprintf fail\n");
+			return -1;
+	}
+	return 0;
 }
 
 int _app2sd_dmcrypt_close_device(const char *pkgid, uid_t uid)
@@ -236,9 +247,17 @@ int _app2sd_dmcrypt_close_device(const char *pkgid, uid_t uid)
 
 	free(t_dev_node);
 
-	snprintf(dev_node, sizeof(dev_node), "/dev/mapper/%s_%d", pkgid, uid);
-	snprintf(dmcrypt_close_cmd, sizeof(dmcrypt_close_cmd),
+	ret = snprintf(dev_node, sizeof(dev_node), "/dev/mapper/%s_%d", pkgid, uid);
+	if (ret < 0 || ret > sizeof(dev_node)) {
+		_E("snprintf fail");
+		return APP2EXT_ERROR_CLOSE_DMCRYPT_DEVICE;
+	}
+	ret = snprintf(dmcrypt_close_cmd, sizeof(dmcrypt_close_cmd),
 			"/sbin/cryptsetup -q luksClose %s", dev_node);
+	if (ret < 0 || ret > sizeof(dmcrypt_close_cmd)) {
+		_E("snprintf fail");
+		return APP2EXT_ERROR_CLOSE_DMCRYPT_DEVICE;
+	}
 	ret = system(dmcrypt_close_cmd);
 	if (ret) {
 		err_str = strerror_r(errno, err_buf, sizeof(err_buf));
-- 
2.7.4