From 6da9b7f1736e73f64fbe63893dda486e4c08e18d Mon Sep 17 00:00:00 2001 From: sinikang Date: Mon, 18 Feb 2019 13:54:37 +0900 Subject: [PATCH] Fix svace issue (378703, 378705) - missing null termination on string copy Change-Id: Ide831d8fc0d68e74976e99bca02c74b7a73ce917 Signed-off-by: sinikang --- packaging/org.tizen.ciss.spec | 2 +- src/ciss-parser.c | 3 ++- src/ciss-util.c | 3 +++ 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/packaging/org.tizen.ciss.spec b/packaging/org.tizen.ciss.spec index dbf469a..b70d401 100644 --- a/packaging/org.tizen.ciss.spec +++ b/packaging/org.tizen.ciss.spec @@ -1,6 +1,6 @@ %define major 0 %define minor 1 -%define patchlevel 7 +%define patchlevel 8 Name: org.tizen.ciss Summary: CISS-MMI application diff --git a/src/ciss-parser.c b/src/ciss-parser.c index 8579a98..9495915 100644 --- a/src/ciss-parser.c +++ b/src/ciss-parser.c @@ -326,7 +326,8 @@ int _ciss_parse_req_string(char *pszSS, ciss_mmi_context_t *mmi_ctx) DBG("\n [CISS-ENGINE] received string = %s", pszSS); mmi_ctx->user_string_length = strlen(pszSS); if (mmi_ctx->user_string_length > 0) { - memcpy(mmi_ctx->user_string, pszSS, mmi_ctx->user_string_length); + memset(mmi_ctx->user_string, 0, MAX_USS_CHAR); + strncpy(mmi_ctx->user_string, pszSS, MAX_USS_CHAR - 1); } else { DBG("\n [CISS-ENGINE] User String Length should be non-zero"); return CISS_ERR_UNKNOWN; diff --git a/src/ciss-util.c b/src/ciss-util.c index ae9a44f..7bb0eec 100644 --- a/src/ciss-util.c +++ b/src/ciss-util.c @@ -25,6 +25,9 @@ char *_ciss_strcpy(char *pBuffer, int nBufCount, const char *pszString) { + retv_if(pBuffer == NULL, NULL); + memset(pBuffer, 0, nBufCount*sizeof(char)); + if ((nBufCount - 1) >= (int)strlen(pszString)) { strncpy(pBuffer, pszString, (int)strlen(pszString)); pBuffer[(int)strlen(pszString)] = '\0'; -- 2.7.4