From f5cd214d92d63433a829ca64f3a6d711c92bc00d Mon Sep 17 00:00:00 2001 From: Sooyoung Ha Date: Fri, 30 Jun 2017 14:11:37 +0900 Subject: [PATCH 01/16] packaging: modify user and group of tv service file The 'sdk' user group causes TV smack denying. This almost revert of commit a16797abdc35b105d38beaf9aaccab12b616933d. Change-Id: Id0a4beb8efc9e986cfd9f7eb56041de0d05b1105 Signed-off-by: Sooyoung Ha --- packaging/sdbd_device_tv.service | 2 -- packaging/sdbd_emulator_tv.service | 2 -- 2 files changed, 4 deletions(-) diff --git a/packaging/sdbd_device_tv.service b/packaging/sdbd_device_tv.service index b683d96..fe3c965 100644 --- a/packaging/sdbd_device_tv.service +++ b/packaging/sdbd_device_tv.service @@ -4,8 +4,6 @@ Requires=tizen-system-env.service After=tmp.mount [Service] -User=sdk -Group=sdk Type=forking #location of SDBD log file #Environment=SDBD_LOG_PATH=/tmp diff --git a/packaging/sdbd_emulator_tv.service b/packaging/sdbd_emulator_tv.service index 0590499..4d81fd2 100644 --- a/packaging/sdbd_emulator_tv.service +++ b/packaging/sdbd_emulator_tv.service @@ -5,8 +5,6 @@ After=tmp.mount dbus.service #DefaultDependencies=false [Service] -User=sdk -Group=sdk Type=forking #location of SDBD log file #Environment=SDBD_LOG_PATH=/tmp -- 2.7.4 From ff571418f7992e29f3d5f8f329ea67d4640eca51 Mon Sep 17 00:00:00 2001 From: Sooyoung Ha Date: Fri, 30 Jun 2017 14:15:11 +0900 Subject: [PATCH 02/16] package: update version (3.0.32) Change-Id: I44433704c5f7267dee1aa18573e760bed2cbc56e Signed-off-by: Sooyoung Ha --- packaging/sdbd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packaging/sdbd.spec b/packaging/sdbd.spec index 3bfc0ec..c3cdb7a 100644 --- a/packaging/sdbd.spec +++ b/packaging/sdbd.spec @@ -2,7 +2,7 @@ Name: sdbd Summary: SDB daemon -Version: 3.0.31 +Version: 3.0.32 Release: 0 License: Apache-2.0 Summary: SDB daemon -- 2.7.4 From a3f4720d14b5ff542bea08801d6ae54b2f9a849a Mon Sep 17 00:00:00 2001 
From: Slava Barinov Date: Fri, 26 May 2017 12:01:38 +0300 Subject: [PATCH 03/16] package: Add libpthread explicitly for ASan build Change-Id: I39508a5c77a41f5ce3b3dfcfe295cb24bde4a367 Signed-off-by: Slava Barinov --- packaging/sdbd.spec | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/packaging/sdbd.spec b/packaging/sdbd.spec index c3cdb7a..5ad9833 100644 --- a/packaging/sdbd.spec +++ b/packaging/sdbd.spec @@ -68,8 +68,7 @@ SDBD plugin API library cp %{SOURCE1003} . %build - -cmake . -DCMAKE_INSTALL_PREFIX=%{_prefix} \ +cmake . -DCMAKE_INSTALL_PREFIX=%{_prefix} %{?asan:-DCMAKE_EXE_LINKER_FLAGS="-pthread"} make %{?jobs:-j%jobs} -- 2.7.4 From 1584bbf77ce59b2d5987b01a8bd327376ba44b8e Mon Sep 17 00:00:00 2001 From: Sooyoung Ha Date: Tue, 25 Jul 2017 15:29:36 +0900 Subject: [PATCH 04/16] service: apply capabilities for security Change-Id: If8ea4bba3476acf2d2043f17f6f8b63538fd9f8f Signed-off-by: Sooyoung Ha --- packaging/sdbd_device.service | 2 ++ packaging/sdbd_device_tv.service | 2 ++ packaging/sdbd_emulator.service | 2 ++ packaging/sdbd_emulator_tv.service | 2 ++ packaging/sdbd_tcp.service | 2 ++ 5 files changed, 10 insertions(+) diff --git a/packaging/sdbd_device.service b/packaging/sdbd_device.service index b47e8f3..779e42e 100644 --- a/packaging/sdbd_device.service +++ b/packaging/sdbd_device.service @@ -12,6 +12,8 @@ EnvironmentFile=-/run/tizen-system-env PIDFile=/tmp/.sdbd.pid Restart=on-failure SmackProcessLabel=System +Capabilities=cap_dac_override,cap_setgid,cap_setuid,cap_sys_admin=i +SecureBits=keep-caps ExecStart=/usr/sbin/sdbd [Install] diff --git a/packaging/sdbd_device_tv.service b/packaging/sdbd_device_tv.service index fe3c965..0ea497d 100644 --- a/packaging/sdbd_device_tv.service +++ b/packaging/sdbd_device_tv.service 
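Review bot: `Capabilities=cap_dac_override,cap_setgid,cap_setuid,cap_sys_admin=i` only fills the inheritable set, so on its own it is unlikely to take any privilege away from sdbd. In sdbd_device_tv.service and sdbd_emulator_tv.service, where PATCH 01/16 removed `User=`/`Group=`, the process starts as root, and a root exec normally regains the full permitted set unless the bounding set is narrowed. `cap_sys_admin` is also close to full root, so each listed capability deserves a one-line comment saying which sdbd operation needs it. If confinement is the goal, consider adding `CapabilityBoundingSet=CAP_DAC_OVERRIDE CAP_SETGID CAP_SETUID CAP_SYS_ADMIN` next to these lines and confirming which directive the target systemd version honours. The same applies to the other four service files changed in this patch.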
@@ -11,6 +11,8 @@ EnvironmentFile=-/run/tizen-system-env OOMScoreAdjust=-1000 PIDFile=/tmp/.sdbd.pid Restart=on-failure +Capabilities=cap_dac_override,cap_setgid,cap_setuid,cap_sys_admin=i +SecureBits=keep-caps ExecStart=/usr/sbin/sdbd [Install] diff --git a/packaging/sdbd_emulator.service b/packaging/sdbd_emulator.service index abd1605..74c5d9b 100644 --- a/packaging/sdbd_emulator.service +++ b/packaging/sdbd_emulator.service @@ -13,6 +13,8 @@ PIDFile=/tmp/.sdbd.pid RemainAfterExit=yes #ExecStartPre=/bin/bash -c "/bin/echo '10.0.2.15/32 system::debugging_network' >> /smack/netlabel" SmackProcessLabel=System +Capabilities=cap_dac_override,cap_setgid,cap_setuid,cap_sys_admin=i +SecureBits=keep-caps ExecStart=/bin/sh -c "/usr/sbin/sdbd `/usr/bin/awk '{match($0, /sdb_port=([0-9]+)/,port_match); match($0, /vm_name=([^, ]*)/,vm_match); print \"--emulator=\" vm_match[1] \":\" port_match[1] \" --connect-to=10.0.2.2:26099\" \" --sensors=10.0.2.2:\"port_match[1]+3 }' /proc/cmdline`" [Install] diff --git a/packaging/sdbd_emulator_tv.service b/packaging/sdbd_emulator_tv.service index 4d81fd2..3627ded 100644 --- a/packaging/sdbd_emulator_tv.service +++ b/packaging/sdbd_emulator_tv.service @@ -12,6 +12,8 @@ Environment=DISPLAY=:0 PIDFile=/tmp/.sdbd.pid RemainAfterExit=yes OOMScoreAdjust=-1000 +Capabilities=cap_dac_override,cap_setgid,cap_setuid,cap_sys_admin=i +SecureBits=keep-caps #ExecStartPre=/bin/bash -c "/bin/echo '10.0.2.15/32 system::debugging_network' >> /smack/netlabel" ExecStart=/bin/sh -c "/usr/sbin/sdbd `/usr/bin/awk '{match($0, /sdb_port=([0-9]+)/,port_match); match($0, /vm_name=([^, ]*)/,vm_match); print \"--emulator=\" vm_match[1] \":\" port_match[1] \" --connect-to=10.0.2.2:26099\" \" --sensors=10.0.2.2:\"port_match[1]+3 }' /proc/cmdline`" diff --git a/packaging/sdbd_tcp.service b/packaging/sdbd_tcp.service index ade025c..5269cfe 100644 --- a/packaging/sdbd_tcp.service +++ b/packaging/sdbd_tcp.service 
@@ -8,4 +8,6 @@ Environment=DISPLAY=:0 PIDFile=/tmp/.sdbd.pid RemainAfterExit=yes SmackProcessLabel=System +Capabilities=cap_dac_override,cap_setgid,cap_setuid,cap_sys_admin=i +SecureBits=keep-caps ExecStart=/usr/sbin/sdbd --listen-port=26101 -- 2.7.4 From 1c6c0ba027a22eb3913613b07e387f517ecb5c17 Mon Sep 17 00:00:00 2001 From: Sooyoung Ha Date: Tue, 25 Jul 2017 15:30:19 +0900 Subject: [PATCH 05/16] package: update version (3.0.33) Change-Id: Ie125643663764582fee9458810531eabf0baf208 Signed-off-by: Sooyoung Ha --- packaging/sdbd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packaging/sdbd.spec b/packaging/sdbd.spec index 5ad9833..988fcd6 100644 --- a/packaging/sdbd.spec +++ b/packaging/sdbd.spec @@ -2,7 +2,7 @@ Name: sdbd Summary: SDB daemon -Version: 3.0.32 +Version: 3.0.33 Release: 0 License: Apache-2.0 Summary: SDB daemon -- 2.7.4 From 9aa94491aeda2e6e3b236fd18ae4ac30bc26bb14 Mon Sep 17 00:00:00 2001 From: Jinhyung Jo Date: Wed, 9 Aug 2017 16:50:43 +0900 Subject: [PATCH 06/16] source: add code to check for null pointer Change-Id: Ie73726a837cdc6d28468845c91388644f0c5a853 Signed-off-by: Jinhyung Jo --- src/default_plugin_auth.c | 4 ++++ src/default_plugin_basic.c | 28 ++++++++++++++++++++++++++++ src/default_plugin_event.c | 14 ++++++++++++++ src/plugin.c | 44 ++++++++++++++++++++++++++++++-------------- src/plugin_encrypt.c | 36 ++++++++++++++++++++++++++++++++++++ src/usb_funcfs_client.c | 4 ++++ 6 files changed, 116 insertions(+), 14 deletions(-) diff --git a/src/default_plugin_auth.c b/src/default_plugin_auth.c index 103603b..5021827 100644 --- a/src/default_plugin_auth.c +++ b/src/default_plugin_auth.c 
@@ -32,6 +32,10 @@ int auth_support ( parameters* in, parameters* out ) out->number_of_parameter = 1; out->array_of_parameter = ( parameter* ) malloc ( sizeof ( parameter ) ); + if (out->array_of_parameter == NULL) { + D("failed to allocate memory for the parameter\n"); + return PLUGIN_CMD_FAIL; + } out->array_of_parameter[0].type = type_int32; out->array_of_parameter[0].v_int32 = PLUGIN_RET_INVALID; diff --git a/src/default_plugin_basic.c b/src/default_plugin_basic.c index 6078e7e..0354377 100644 --- a/src/default_plugin_basic.c +++ b/src/default_plugin_basic.c @@ -49,6 +49,10 @@ int get_plugin_capability ( parameters* in, parameters* out ) out->number_of_parameter = 1; out->array_of_parameter = ( parameter* ) malloc ( sizeof ( parameter ) ); + if (out->array_of_parameter == NULL) { + D("failed to allocate memory for the parameter\n"); + return PLUGIN_CMD_FAIL; + } capability = in->array_of_parameter[0].v_int32; @@ -114,6 +118,10 @@ int verify_shell_cmd ( parameters* in, parameters* out ) out->number_of_parameter = 1; out->array_of_parameter = ( parameter* ) malloc ( sizeof ( parameter ) ); + if (out->array_of_parameter == NULL) { + D("failed to allocate memory for the parameter\n"); + return PLUGIN_CMD_FAIL; + } out->array_of_parameter[0].type = type_int32; out->array_of_parameter[0].v_int32 = PLUGIN_RET_VALID; @@ -137,6 +145,10 @@ int convert_shell_cmd ( parameters* in, parameters* out ) out->number_of_parameter = 1; out->array_of_parameter = ( parameter* ) malloc ( sizeof ( parameter ) ); + if (out->array_of_parameter == NULL) { + D("failed to allocate memory for the parameter\n"); + return PLUGIN_CMD_FAIL; + } make_string_parameter ( & ( out->array_of_parameter[0] ), "%s", in->array_of_parameter[0].v_string.data ); return PLUGIN_CMD_SUCCESS; 
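Review bot: On the new allocation-failure path `out->number_of_parameter` is left at 1 while `out->array_of_parameter` is NULL, so a caller that walks or releases `out` by count could dereference NULL (release_parameters is not visible here, so this is inferred). get_lock_state in default_plugin_event.c resets the count in the same situation; adding `out->number_of_parameter = 0;` before `return PLUGIN_CMD_FAIL;` keeps the struct consistent. The same applies to every check added in default_plugin_basic.c (get_plugin_capability, verify_shell_cmd, convert_shell_cmd, verify_peer_ip, verify_sdbd_launch, verify_root_cmd, get_shell_env). The function bodies start and end outside these hunks.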
@@ -159,6 +171,10 @@ int verify_peer_ip ( parameters* in, parameters* out ) out->number_of_parameter = 1; out->array_of_parameter = ( parameter* ) malloc ( sizeof ( parameter ) ); + if (out->array_of_parameter == NULL) { + D("failed to allocate memory for the parameter\n"); + return PLUGIN_CMD_FAIL; + } out->array_of_parameter[0].type = type_int32; out->array_of_parameter[0].v_int32 = PLUGIN_RET_VALID; @@ -174,6 +190,10 @@ int verify_sdbd_launch ( parameters* in, parameters* out ) out->number_of_parameter = 1; out->array_of_parameter = ( parameter* ) malloc ( sizeof ( parameter ) ); + if (out->array_of_parameter == NULL) { + D("failed to allocate memory for the parameter\n"); + return PLUGIN_CMD_FAIL; + } out->array_of_parameter[0].type = type_int32; out->array_of_parameter[0].v_int32 = PLUGIN_RET_VALID; @@ -197,6 +217,10 @@ int verify_root_cmd ( parameters* in, parameters* out ) out->number_of_parameter = 1; out->array_of_parameter = ( parameter* ) malloc ( sizeof ( parameter ) ); + if (out->array_of_parameter == NULL) { + D("failed to allocate memory for the parameter\n"); + return PLUGIN_CMD_FAIL; + } out->array_of_parameter[0].type = type_int32; if ( verify_root_commands ( in->array_of_parameter[0].v_string.data ) ) { @@ -217,6 +241,10 @@ int get_shell_env ( parameters* in, parameters* out ) out->number_of_parameter = 1; out->array_of_parameter = ( parameter* ) malloc ( sizeof ( parameter ) ); + if (out->array_of_parameter == NULL) { + D("failed to allocate memory for the parameter\n"); + return PLUGIN_CMD_FAIL; + } make_string_parameter ( & ( out->array_of_parameter[0] ), "%s", "" ); return PLUGIN_CMD_SUCCESS; diff --git a/src/default_plugin_event.c b/src/default_plugin_event.c index 787c3f4..37aa39a 100644 --- a/src/default_plugin_event.c +++ b/src/default_plugin_event.c 
@@ -120,6 +120,11 @@ int get_lock_state ( parameters* in, parameters* out ) out->number_of_parameter = 1; out->array_of_parameter = ( parameter* ) malloc ( sizeof ( parameter ) ); + if (out->array_of_parameter == NULL) { + out->number_of_parameter = 0; + PLUGIN_LOG("failed to allocate memory for the parameter\n"); + return PLUGIN_CMD_FAIL; + } out->array_of_parameter[0].type = type_int32; out->array_of_parameter[0].v_int32 = ( plugin_pwlocked() == 1 ) ? PLUGIN_RET_ON : PLUGIN_RET_OFF; @@ -132,8 +137,17 @@ static void pwlock_cb ( keynode_t *key, void* data ) int pwlocked = plugin_pwlocked(); parameters* out = ( parameters* ) malloc ( sizeof ( parameters ) ); + if (out == NULL) { + PLUGIN_LOG("failed to allocate memory for the parameter\n"); + return; + } out->number_of_parameter = 1; out->array_of_parameter = ( parameter* ) malloc ( sizeof ( parameter ) ); + if (out->array_of_parameter == NULL) { + PLUGIN_LOG("failed to allocate memory for the parameter\n"); + free(out); + return; + } out->array_of_parameter[0].type = type_int32; out->array_of_parameter[0].v_int32 = ( pwlocked == 1 ) ? PLUGIN_RET_ON : PLUGIN_RET_OFF; diff --git a/src/plugin.c b/src/plugin.c index 394c863..fd6ceb8 100644 --- a/src/plugin.c +++ b/src/plugin.c @@ -212,10 +212,6 @@ static void request_async_cmd ( int cmd, parameters* in, int out_fd ) ret = default_plugin_async_proc ( cmd, in, out_fd ); } - release_parameters ( in ); - if ( in != NULL ) { - free( in ); - } sdb_close(out_fd); } @@ -266,6 +262,10 @@ int request_capability_to_plugin ( int cap, char* out_buf, unsigned int out_len in.number_of_parameter = 1; in.array_of_parameter = ( parameter* ) malloc ( sizeof ( parameter ) ); + if (in.array_of_parameter == NULL) { + D("failed to allocate memory for the parameter\n"); + return success; + } in.array_of_parameter[0].type = type_int32; in.array_of_parameter[0].v_int32 = cap; 
@@ -296,6 +296,10 @@ int request_validity_to_plugin ( int cmd, const char* in_buf ) if ( in_buf != NULL ) { in.number_of_parameter = 1; in.array_of_parameter = ( parameter* ) malloc ( sizeof ( parameter ) ); + if (in.array_of_parameter == NULL) { + D("failed to allocate memory for the parameter\n"); + return success; + } in.array_of_parameter[0].type = type_string; in.array_of_parameter[0].v_string.length = strlen ( in_buf ); in.array_of_parameter[0].v_string.data = strdup ( in_buf ); @@ -329,6 +333,10 @@ int request_conversion_to_plugin ( int cmd, const char* in_buf, char* out_buf, u if ( in_buf != NULL ) { in.number_of_parameter = 1; in.array_of_parameter = ( parameter* ) malloc ( sizeof ( parameter ) ); + if (in.array_of_parameter == NULL) { + D("failed to allocate memory for the parameter\n"); + return success; + } in.array_of_parameter[0].type = type_string; in.array_of_parameter[0].v_string.length = strlen ( in_buf ); in.array_of_parameter[0].v_string.data = strdup ( in_buf ); @@ -360,6 +368,10 @@ int request_lock_state_to_plugin ( int lock_type ) in.number_of_parameter = 1; in.array_of_parameter = ( parameter* ) malloc ( sizeof ( parameter ) ); + if (in.array_of_parameter == NULL) { + D("failed to allocate memory for the parameter\n"); + return result; + } in.array_of_parameter[0].type = type_int32; in.array_of_parameter[0].v_int32 = lock_type; 
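Review bot: The added check covers `malloc`, but the `strdup ( in_buf )` three lines below it is still unchecked in both request_validity_to_plugin and request_conversion_to_plugin. Under the same low-memory condition `v_string.data` becomes NULL while `v_string.length` is non-zero, and the plugin is handed an inconsistent string parameter. Check the result, `free(in.array_of_parameter)` and return on failure. The early `return success;` relies on the initial value of `success`, which is set outside these hunks; a short comment stating that it still holds the failure value at that point would make the new path easier to audit.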
@@ -384,23 +396,27 @@ int request_lock_state_to_plugin ( int lock_type ) // return -1 if failed to create async proc thread int request_appcmd_to_plugin ( const char* in_buf ) { - parameters* in; + parameters in; int fd; - in = ( parameters* ) malloc ( sizeof ( parameters ) ); if ( in_buf != NULL ) { - in->number_of_parameter = 1; - in->array_of_parameter = ( parameter* ) malloc ( sizeof ( parameter ) ); - in->array_of_parameter[0].type = type_string; - in->array_of_parameter[0].v_string.length = strlen ( in_buf ); - in->array_of_parameter[0].v_string.data = strdup ( in_buf ); + in.number_of_parameter = 1; + in.array_of_parameter = ( parameter* ) malloc ( sizeof ( parameter ) ); + if (in.array_of_parameter == NULL) { + D("failed to allocate memory for the parameter\n"); + return -1; + } + in.array_of_parameter[0].type = type_string; + in.array_of_parameter[0].v_string.length = strlen ( in_buf ); + in.array_of_parameter[0].v_string.data = strdup ( in_buf ); } else { - in->number_of_parameter = 0; - in->array_of_parameter = NULL; + in.number_of_parameter = 0; + in.array_of_parameter = NULL; } - fd = create_async_proc_thread( PLUGIN_ASYNC_CMD_APPCMD_SERVICE, in ); + fd = create_async_proc_thread( PLUGIN_ASYNC_CMD_APPCMD_SERVICE, &in ); + release_parameters ( &in ); return fd; } diff --git a/src/plugin_encrypt.c b/src/plugin_encrypt.c index b7fc3ab..8bd9b9d 100644 --- a/src/plugin_encrypt.c +++ b/src/plugin_encrypt.c 
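Review bot: `in` is now a stack object, yet `&in` is handed to create_async_proc_thread, which stores the pointer in `async_param->in` for a new thread (visible in the later src/plugin.c hunks). `release_parameters ( &in )` then runs and the function returns while that thread may still be reading the parameters. Together with the hunk in this patch that removes the release/free from request_async_cmd, the worker is left reading released, out-of-scope memory. Keeping `in` heap-allocated and letting the worker release it after use avoids this; the subject of PATCH 11/16 suggests the series does so later. The `strdup ( in_buf )` result in this function is also unchecked.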
@@ -25,11 +25,19 @@ int security_init(const int nSessionID, const char* pUserID) if (pUserID == NULL) { in.number_of_parameter = 1; in.array_of_parameter = ( parameter* ) malloc ( sizeof (parameter) ); + if (in.array_of_parameter == NULL) { + D("failed to allocate memory for the parameter\n"); + return success; + } in.array_of_parameter[0].type = type_int32; in.array_of_parameter[0].v_int32 = nSessionID; } else { in.number_of_parameter = 2; in.array_of_parameter = ( parameter* ) malloc ( sizeof (parameter) * in.number_of_parameter ); + if (in.array_of_parameter == NULL) { + D("failed to allocate memory for the parameter\n"); + return success; + } in.array_of_parameter[0].type = type_int32; in.array_of_parameter[0].v_int32 = nSessionID; in.array_of_parameter[1].type = type_string; @@ -57,6 +65,10 @@ int security_deinit(const int nSessionID) in.number_of_parameter = 1; in.array_of_parameter = ( parameter* ) malloc ( sizeof (parameter) ); + if (in.array_of_parameter == NULL) { + D("failed to allocate memory for the parameter\n"); + return success; + } in.array_of_parameter[0].type = type_int32; in.array_of_parameter[0].v_int32 = nSessionID; @@ -80,6 +92,10 @@ int security_parse_server_hello(const int nSessionID, apacket* pApacket) in.number_of_parameter = 2; in.array_of_parameter = ( parameter* ) malloc ( sizeof (parameter) * in.number_of_parameter ); + if (in.array_of_parameter == NULL) { + D("failed to allocate memory for the parameter\n"); + return success; + } in.array_of_parameter[0].type = type_int32; in.array_of_parameter[0].v_int32 = nSessionID; in.array_of_parameter[1].type = type_chunk; 
@@ -108,6 +124,10 @@ int security_gen_client_hello(const int nSessionID, apacket* pApacket) in.number_of_parameter = 1; in.array_of_parameter = ( parameter* ) malloc ( sizeof (parameter) ); + if (in.array_of_parameter == NULL) { + D("failed to allocate memory for the parameter\n"); + return success; + } in.array_of_parameter[0].type = type_int32; in.array_of_parameter[0].v_int32 = nSessionID; @@ -133,6 +153,10 @@ int security_parse_server_ack(const int nSessionID, apacket* pApacket) in.number_of_parameter = 2; in.array_of_parameter = ( parameter* ) malloc ( sizeof (parameter) * in.number_of_parameter ); + if (in.array_of_parameter == NULL) { + D("failed to allocate memory for the parameter\n"); + return success; + } in.array_of_parameter[0].type = type_int32; in.array_of_parameter[0].v_int32 = nSessionID; in.array_of_parameter[1].type = type_chunk; @@ -161,6 +185,10 @@ int security_gen_client_ack(const int nSessionID, apacket* pApacket) in.number_of_parameter = 1; in.array_of_parameter = ( parameter* ) malloc ( sizeof (parameter) ); + if (in.array_of_parameter == NULL) { + D("failed to allocate memory for the parameter\n"); + return success; + } in.array_of_parameter[0].type = type_int32; in.array_of_parameter[0].v_int32 = nSessionID; @@ -186,6 +214,10 @@ int security_encrypt(const int nSessionID, apacket* pApacket) in.number_of_parameter = 2; in.array_of_parameter = ( parameter* ) malloc ( sizeof (parameter) * in.number_of_parameter ); + if (in.array_of_parameter == NULL) { + D("failed to allocate memory for the parameter\n"); + return success; + } in.array_of_parameter[0].type = type_int32; in.array_of_parameter[0].v_int32 = nSessionID; in.array_of_parameter[1].type = type_chunk; 
@@ -216,6 +248,10 @@ int security_decrypt(const int nSessionID, apacket* pApacket) in.number_of_parameter = 2; in.array_of_parameter = ( parameter* ) malloc ( sizeof (parameter) * in.number_of_parameter ); + if (in.array_of_parameter == NULL) { + D("failed to allocate memory for the parameter\n"); + return success; + } in.array_of_parameter[0].type = type_int32; in.array_of_parameter[0].v_int32 = nSessionID; in.array_of_parameter[1].type = type_chunk; diff --git a/src/usb_funcfs_client.c b/src/usb_funcfs_client.c index 00b25c3..7522c11 100644 --- a/src/usb_funcfs_client.c +++ b/src/usb_funcfs_client.c @@ -487,6 +487,10 @@ void ffs_usb_init() D("[ usb_init - using FunctionFS ]\n"); h = calloc(1, sizeof(usb_handle)); + if (h == NULL) { + perror("[ failed to allocate memory for usb FunctionFS bulk device ]\n"); + return; + } if (autoconfig(h) < 0) { perror("[ can't recognize usb FunctionFS bulk device ]\n"); free(h); -- 2.7.4 From a4b3b87e3c533119a7037ea8f33d8690dd4e0816 Mon Sep 17 00:00:00 2001 From: Jinhyung Jo Date: Wed, 9 Aug 2017 18:31:01 +0900 Subject: [PATCH 07/16] source: remove unused code Change-Id: Ib52f23e49f6b876304d19567f7bf1b9b372b5742 Signed-off-by: Jinhyung Jo --- src/sdb.c | 78 +++-------------------------------------------------------- src/sdb.h | 2 +- src/sockets.h | 41 ------------------------------- 3 files changed, 4 insertions(+), 117 deletions(-) diff --git a/src/sdb.c b/src/sdb.c index 21653e3..353995f 100644 --- a/src/sdb.c +++ b/src/sdb.c @@ -1110,14 +1110,6 @@ nomem: return 0; } -#ifdef HAVE_WIN32_PROC -static BOOL WINAPI ctrlc_handler(DWORD type) -{ - exit(STATUS_CONTROL_C_EXIT); - return TRUE; -} -#endif - static void sdb_cleanup(void) { clear_sdbd_commandline_args(&sdbd_commandline_args); 
@@ -1132,56 +1124,6 @@ static void sdb_cleanup(void) unload_sdbd_plugin(); } -void start_logging(void) -{ -#ifdef HAVE_WIN32_PROC - char temp[ MAX_PATH ]; - FILE* fnul; - FILE* flog; - - GetTempPath( sizeof(temp) - 8, temp ); - strcat( temp, "sdb.log" ); - - /* Win32 specific redirections */ - fnul = fopen( "NUL", "rt" ); - if (fnul != NULL) - stdin[0] = fnul[0]; - - flog = fopen( temp, "at" ); - if (flog == NULL) - flog = fnul; - - setvbuf( flog, NULL, _IONBF, 0 ); - - stdout[0] = flog[0]; - stderr[0] = flog[0]; - fprintf(stderr,"--- sdb starting (pid %d) ---\n", getpid()); -#else - int fd; - - fd = unix_open("/dev/null", O_RDONLY); - if (fd < 0) { - // hopefully not gonna happen - return; - } - dup2(fd, 0); - sdb_close(fd); - - fd = unix_open("/tmp/sdb.log", O_WRONLY | O_CREAT | O_APPEND, 0640); - if(fd < 0) { - fd = unix_open("/dev/null", O_WRONLY); - if (fd < 0) { - // hopefully not gonna happen - return; - } - } - dup2(fd, 1); - dup2(fd, 2); - sdb_close(fd); - fprintf(stderr,"--- sdb starting (pid %d) ---\n", getpid()); -#endif -} - void start_device_log(void) { int fd; @@ -1998,7 +1940,7 @@ static void fork_child_handler(void) sdb_mutex_unlock(&D_lock); } -int sdb_main(int is_daemon, int server_port) +int sdb_main(int server_port) { check_emulator_or_device(); @@ -2021,9 +1963,7 @@ int sdb_main(int is_daemon, int server_port) pthread_atfork(fork_prepare_handler, fork_parent_handler, fork_child_handler); atexit(sdb_cleanup); -#ifdef HAVE_WIN32_PROC - SetConsoleCtrlHandler( ctrlc_handler, TRUE ); -#elif defined(HAVE_FORKEXEC) +#if defined(HAVE_FORKEXEC) // No SIGCHLD. Let the service subproc handle its children. signal(SIGPIPE, SIG_IGN); #endif 
@@ -2113,18 +2053,6 @@ int sdb_main(int is_daemon, int server_port) D("sdb_main(): post init_jdwp()\n"); #endif - if (is_daemon) - { - // inform our parent that we are up and running. -#ifdef HAVE_WIN32_PROC - DWORD count; - WriteFile( GetStdHandle( STD_OUTPUT_HANDLE ), "OK\n", 3, &count, NULL ); -#elif defined(HAVE_FORKEXEC) - fprintf(stderr, "OK\n"); -#endif - start_logging(); - } - D("Event loop starting\n"); fdevent_loop(); @@ -2270,6 +2198,6 @@ int main(int argc, char **argv) //sdbd will never die on emulator! signal(SIGTERM, handle_sig_term); /* tizen specific */ - return sdb_main(0, DEFAULT_SDB_PORT); + return sdb_main(DEFAULT_SDB_PORT); } diff --git a/src/sdb.h b/src/sdb.h index 1516455..43a3bfe 100644 --- a/src/sdb.h +++ b/src/sdb.h @@ -323,7 +323,7 @@ void send_packet(apacket *p, atransport *t); void get_my_path(char *s, size_t maxLen); int launch_server(int server_port); -int sdb_main(int is_daemon, int server_port); +int sdb_main(int server_port); /* transports are ref-counted diff --git a/src/sockets.h b/src/sockets.h index e358a19..56f4e60 100644 --- a/src/sockets.h +++ b/src/sockets.h 
@@ -28,52 +28,11 @@ typedef int socklen_t; #include #endif -#define ANDROID_SOCKET_ENV_PREFIX "ANDROID_SOCKET_" -#define ANDROID_SOCKET_DIR "/dev/socket" - #ifdef __cplusplus extern "C" { #endif /* - * android_get_control_socket - simple helper function to get the file - * descriptor of our init-managed Unix domain socket. `name' is the name of the - * socket, as given in init.rc. Returns -1 on error. - * - * This is inline and not in libcutils proper because we want to use this in - * third-party daemons with minimal modification. - */ -static inline int android_get_control_socket(const char *name) -{ - char key[64] = ANDROID_SOCKET_ENV_PREFIX; - const char *val; - int fd; - - /* build our environment variable, counting cycles like a wolf ... */ -#if HAVE_STRLCPY - strlcpy(key + sizeof(ANDROID_SOCKET_ENV_PREFIX) - 1, - name, - sizeof(key) - sizeof(ANDROID_SOCKET_ENV_PREFIX)); -#else /* for the host, which may lack the almightly strncpy ... */ - strncpy(key + sizeof(ANDROID_SOCKET_ENV_PREFIX) - 1, - name, - sizeof(key) - sizeof(ANDROID_SOCKET_ENV_PREFIX)); - key[sizeof(key)-1] = '\0'; -#endif - - val = getenv(key); - if (!val) - return -1; - - errno = 0; - fd = strtol(val, NULL, 10); - if (errno) - return -1; - - return fd; -} - -/* * See also android.os.LocalSocketAddress.Namespace */ // Linux "abstract" (non-filesystem) namespace -- 2.7.4 From 2b01f773b7b1f615dba1fbc3247a336af7872896 Mon Sep 17 00:00:00 2001 From: Jinhyung Jo Date: Wed, 9 Aug 2017 21:28:47 +0900 Subject: [PATCH 08/16] source: fix security issues Change-Id: I49c6c58ec6646f33183881440e6a1bd6607801dd Signed-off-by: Jinhyung Jo --- src/sdb.c | 11 +++-------- src/socket_network_client.c | 9 +++++++-- src/usb_linux.c | 2 +- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/src/sdb.c b/src/sdb.c index 353995f..84d3b53 100644 --- a/src/sdb.c +++ b/src/sdb.c 
@@ -1629,13 +1629,8 @@ static void init_sdk_requirements() { // set env variable for temporary // TODO: should use pam instead later!! - if (!getenv("TERM")) { - putenv("TERM=linux"); - } - - if (!getenv("HOME")) { - putenv("HOME=/root"); - } + putenv("TERM=linux"); + putenv("HOME=/root"); init_sdk_userinfo(); init_root_userinfo(); @@ -1643,7 +1638,7 @@ static void init_sdk_requirements() { if (g_sdk_home_dir != NULL && stat(g_sdk_home_dir, &st) == 0) { if (st.st_uid != g_sdk_user_id || st.st_gid != g_sdk_group_id) { char cmd[128]; - snprintf(cmd, sizeof(cmd), "chown %s:%s %s -R", SDK_USER_NAME, SDK_USER_NAME, g_sdk_home_dir); + snprintf(cmd, sizeof(cmd), "/usr/bin/chown %s:%s %s -R", SDK_USER_NAME, SDK_USER_NAME, g_sdk_home_dir); if (system(cmd) < 0) { D("failed to change ownership to sdk user to %s\n", g_sdk_home_dir); } diff --git a/src/socket_network_client.c b/src/socket_network_client.c index 326040b..71f38cb 100644 --- a/src/socket_network_client.c +++ b/src/socket_network_client.c @@ -53,9 +53,14 @@ int socket_network_client(const char *host, int port, int type) while ((res = gethostbyname_r(host, &hostbuf, tmphstbuf, hstbuflen, &hp, &herr)) == ERANGE) { // enlarge the buffer hstbuflen *= 2; - tmphstbuf = realloc(tmphstbuf, hstbuflen); - if (tmphstbuf == NULL) { + void *tmpbuf = realloc(tmphstbuf, hstbuflen); + if (tmpbuf == NULL) { + if (tmphstbuf != NULL) { + free(tmphstbuf); + } return -1; + } else { + tmphstbuf = tmpbuf; } } if (res || hp == NULL) { diff --git a/src/usb_linux.c b/src/usb_linux.c index 7bf435b..0d8f2be 100644 --- a/src/usb_linux.c +++ b/src/usb_linux.c @@ -571,7 +571,7 @@ static void register_device(const char *dev_name, D("[ usb located new device %s (%d/%d/%d) ]\n", dev_name, ep_in, ep_out, interface); usb = calloc(1, sizeof(usb_handle)); - strcpy(usb->fname, dev_name); + strncpy(usb->fname, dev_name, sizeof(usb->fname) - 1); usb->ep_in = ep_in; usb->ep_out = ep_out; usb->zero_mask = zero_mask; -- 2.7.4 
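Review bot: The chown is still run through `system()`, so a shell parses the string built from `g_sdk_home_dir`. The absolute `/usr/bin/chown` path removes the PATH lookup but not the shell's interpretation of the directory name, and a truncated `cmd[128]` would be executed as it stands. `system(cmd) < 0` only detects that the child could not be created, not that chown exited non-zero. At minimum compare the `snprintf` return value with `sizeof(cmd)` and test `system(cmd) != 0`; avoiding the shell altogether (an exec-style call with an explicit argv, or a tree walk calling `lchown()` with `g_sdk_user_id`/`g_sdk_group_id`) would be the more robust fix. init_sdk_requirements continues outside the hunk.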
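Review bot: In register_device, `usb` comes from the `calloc` on the context line just above and is not checked before `strncpy(usb->fname, ...)` writes through it, so an allocation failure is still a NULL dereference here (PATCH 06/16 adds exactly this check in ffs_usb_init). The bounded copy ends up terminated only because calloc zeroed the buffer and the length is `sizeof(usb->fname) - 1`; a comment saying so would stop a later switch to malloc from breaking it. An over-long `dev_name` is now silently truncated, which may deserve a `D()` message. Suggested guard: `if (usb == NULL) return;` before the copy. The function continues outside the hunk, so confirm no lock is held at that point.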
From d83d68e98be009da7c015fae9622134519a3dde8 Mon Sep 17 00:00:00 2001 From: Jinhyung Jo Date: Wed, 9 Aug 2017 23:24:35 +0900 Subject: [PATCH 09/16] source: remove use of getenv() Change-Id: I4caf3eb7f788ddd95a83be13a298d1c87c48de10 Signed-off-by: Jinhyung Jo --- packaging/sdbd.service | 2 ++ packaging/sdbd_device.service | 2 ++ packaging/sdbd_device_tv.service | 2 ++ packaging/sdbd_emulator.service | 2 ++ packaging/sdbd_emulator_tv.service | 2 ++ packaging/sdbd_tcp.service | 2 ++ src/sdb.c | 59 ++++++++++++++++++++++++++++++++++---- 7 files changed, 65 insertions(+), 6 deletions(-) diff --git a/packaging/sdbd.service b/packaging/sdbd.service index 76a066e..70b5139 100644 --- a/packaging/sdbd.service +++ b/packaging/sdbd.service @@ -2,6 +2,8 @@ Description=sdbd [Service] +#If necessary, Put Environment variable settings in a file like below +#ExecStartPre=/bin/bash -c "/bin/echo 'SDB_TRACE=all SDBD_LOG_PATH=/tmp' >> /tmp/.sdbdlog.conf" Type=forking PIDFile=/tmp/.sdbd.pid RemainAfterExit=yes diff --git a/packaging/sdbd_device.service b/packaging/sdbd_device.service index 779e42e..8fe2e4a 100644 --- a/packaging/sdbd_device.service +++ b/packaging/sdbd_device.service @@ -8,6 +8,8 @@ User=sdk Group=sdk Type=forking #location of SDBD log file +#If necessary, Put Environment variable settings in a file like below +#ExecStartPre=/bin/bash -c "/bin/echo 'SDB_TRACE=all SDBD_LOG_PATH=/tmp' >> /tmp/.sdbdlog.conf" EnvironmentFile=-/run/tizen-system-env PIDFile=/tmp/.sdbd.pid Restart=on-failure diff --git a/packaging/sdbd_device_tv.service b/packaging/sdbd_device_tv.service index 0ea497d..7ca53a3 100644 --- a/packaging/sdbd_device_tv.service +++ b/packaging/sdbd_device_tv.service 
@@ -7,6 +7,8 @@ After=tmp.mount Type=forking #location of SDBD log file #Environment=SDBD_LOG_PATH=/tmp +#If necessary, Put Environment variable settings in a file like below +#ExecStartPre=/bin/bash -c "/bin/echo 'SDB_TRACE=all SDBD_LOG_PATH=/tmp' >> /tmp/.sdbdlog.conf" EnvironmentFile=-/run/tizen-system-env OOMScoreAdjust=-1000 PIDFile=/tmp/.sdbd.pid diff --git a/packaging/sdbd_emulator.service b/packaging/sdbd_emulator.service index 74c5d9b..7bf20f5 100644 --- a/packaging/sdbd_emulator.service +++ b/packaging/sdbd_emulator.service @@ -11,6 +11,8 @@ Type=forking Environment=DISPLAY=:0 PIDFile=/tmp/.sdbd.pid RemainAfterExit=yes +#If necessary, Put Environment variable settings in a file like below +#ExecStartPre=/bin/bash -c "/bin/echo 'SDB_TRACE=all SDBD_LOG_PATH=/tmp' >> /tmp/.sdbdlog.conf" #ExecStartPre=/bin/bash -c "/bin/echo '10.0.2.15/32 system::debugging_network' >> /smack/netlabel" SmackProcessLabel=System Capabilities=cap_dac_override,cap_setgid,cap_setuid,cap_sys_admin=i diff --git a/packaging/sdbd_emulator_tv.service b/packaging/sdbd_emulator_tv.service index 3627ded..634974c 100644 --- a/packaging/sdbd_emulator_tv.service +++ b/packaging/sdbd_emulator_tv.service @@ -8,6 +8,8 @@ After=tmp.mount dbus.service Type=forking #location of SDBD log file #Environment=SDBD_LOG_PATH=/tmp +#If necessary, Put Environment variable settings in a file like below +#ExecStartPre=/bin/bash -c "/bin/echo 'SDB_TRACE=all SDBD_LOG_PATH=/tmp' >> /tmp/.sdbdlog.conf" Environment=DISPLAY=:0 PIDFile=/tmp/.sdbd.pid RemainAfterExit=yes diff --git a/packaging/sdbd_tcp.service b/packaging/sdbd_tcp.service index 5269cfe..9995740 100644 --- a/packaging/sdbd_tcp.service +++ b/packaging/sdbd_tcp.service 
@@ -5,6 +5,8 @@ After=default.target [Service] Type=forking Environment=DISPLAY=:0 +#If necessary, Put Environment variable settings in a file like below +#ExecStartPre=/bin/bash -c "/bin/echo 'SDB_TRACE=all SDBD_LOG_PATH=/tmp' >> /tmp/.sdbdlog.conf" PIDFile=/tmp/.sdbd.pid RemainAfterExit=yes SmackProcessLabel=System diff --git a/src/sdb.c b/src/sdb.c index 84d3b53..7b81403 100644 --- a/src/sdb.c +++ b/src/sdb.c @@ -68,6 +68,8 @@ SDB_MUTEX_DEFINE(zone_check_lock); SDB_MUTEX_DEFINE( D_lock ); #endif +#define SDB_LOGCONF_PATH "/tmp/.sdbdlog.conf" + int HOST = 0; // sdk user @@ -196,6 +198,43 @@ void fatal_errno(const char *fmt, ...) exit(-1); } +static char* get_sdb_log_conf(const char* key) +{ + int fd; + char line[256] = {0,}; + char value[256] = {0,}; + + if (access(SDB_LOGCONF_PATH, F_OK)) { + return NULL; + } + + fd = unix_open(SDB_LOGCONF_PATH, O_RDONLY); + if (fd < 0) { + D("failed to open '%s' file: %d\n", SDB_LOGCONF_PATH, errno); + return NULL; + } + + if (read_line(fd, line, sizeof(line)) > 0) { + char* start = strstr(line, key); + if (start != NULL) { + // move one more character to remove '=', + // including the length of the key string + start = start + strlen(key) + 1; + char* end = strstr(start, " "); + if (end != NULL) { + strncpy(value, start, end - start); + } else { + strncpy(value, start, sizeof(value)); + } + } else { + sdb_close(fd); + return NULL; + } + } + sdb_close(fd); + return strdup(value); +} + static int is_enable_sdbd_log() { return (!strncmp(g_capabilities.log_enable, PLUGIN_RET_ENABLED, strlen(PLUGIN_RET_ENABLED))); @@ -210,7 +249,8 @@ int sdb_trace_mask; */ void sdb_trace_init(void) { - const char* p = getenv("SDB_TRACE"); + char* ptr = get_sdb_log_conf("SDB_TRACE"); + const char* p; const char* q; static const struct { 
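Review bot: `SDB_LOGCONF_PATH` lives in `/tmp`, so get_sdb_log_conf now takes the trace mask and `SDBD_LOG_PATH` from a fixed, predictable name in a world-writable directory instead of from the unit's environment. Any local account that creates the file first decides where this daemon writes its log. Consider a root-owned location (for example under `/etc` or `/run`), or open with `O_NOFOLLOW` and verify with `fstat` that the file is a regular file owned by root before trusting it; the `access()` probe before `unix_open()` adds nothing the open's own error would not report. Separately, when the file exists but the line is empty the function returns `strdup("")` rather than NULL, and `strstr(line, key)` does not verify that the key is followed by `=`. The service-file comments added in this patch recommend appending to the same `/tmp` path and would need to follow any relocation.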
@@ -235,11 +275,13 @@ void sdb_trace_init(void) { NULL, 0 } }; - if (p == NULL) { + if (ptr == NULL) { if (is_enable_sdbd_log()) p = "all"; else return; + } else { + p = ptr; } /* use a comma/column/semi-colum/space separated list */ @@ -261,6 +303,7 @@ void sdb_trace_init(void) int flag = tags[tagn].flag; if (flag == 0) { sdb_trace_mask = ~0; + free(ptr); return; } sdb_trace_mask |= (1 << flag); @@ -271,6 +314,7 @@ void sdb_trace_init(void) if (*p) p++; } + free(ptr); } /* @@ -1133,18 +1177,21 @@ void start_device_log(void) struct tm now; time_t t; // char value[PROPERTY_VALUE_MAX]; - const char* p_trace = getenv("SDB_TRACE"); - const char* p_path = getenv("SDBD_LOG_PATH"); + char* p_trace = get_sdb_log_conf("SDB_TRACE"); + char* p_path = get_sdb_log_conf("SDBD_LOG_PATH"); // read the trace mask from persistent property persist.sdb.trace_mask // give up if the property is not set or cannot be parsed if ((p_trace == NULL ) && !is_enable_sdbd_log()) { return; + } else { + free(p_trace); } - if (p_path) + if (p_path) { snprintf(path_folder, sizeof(path_folder), "%s", p_path); - else if (g_capabilities.log_path[0] != '\0') + free(p_path); + } else if (g_capabilities.log_path[0] != '\0') snprintf(path_folder, sizeof(path_folder), "%s", g_capabilities.log_path); else return; -- 2.7.4 From 7cd279f040042565907e394fdd89372d1d18a3fd Mon Sep 17 00:00:00 2001 From: Jinhyung Jo Date: Thu, 10 Aug 2017 15:47:53 +0900 Subject: [PATCH 10/16] package: update version (3.0.34) Change-Id: I7e419c1b710447c9a588f7639fc3963b78f5f3d3 Signed-off-by: Jinhyung Jo --- packaging/sdbd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packaging/sdbd.spec b/packaging/sdbd.spec index 988fcd6..85d2300 100644 --- a/packaging/sdbd.spec +++ b/packaging/sdbd.spec @@ -2,7 +2,7 @@ Name: sdbd Summary: SDB daemon -Version: 3.0.33 +Version: 3.0.34 Release: 0 License: Apache-2.0 Summary: SDB daemon -- 2.7.4 From 658a001a3707f5c5ccbb98d6f861e52cfe33efa1 Mon Sep 17 00:00:00 2001 
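Review bot: `p_path` is leaked on the early return in `start_device_log()`: both `get_sdb_log_conf()` results are heap copies now, and the `if ((p_trace == NULL ) && !is_enable_sdbd_log())` branch returns without releasing the second one. Freeing it there, `free(p_path); return;`, or moving the `SDBD_LOG_PATH` lookup below that check, fixes it. Since `p_trace` is only tested for NULL, the two lookups also open and parse the same file twice. The function starts before this hunk and continues past its end.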
From: Jinhyung Jo Date: Wed, 23 Aug 2017 11:23:58 +0900 Subject: [PATCH 11/16] appcmd: change argument from local to heap Change-Id: I708ae784d24cbd5394d2787bf15b53b27ee33c16 Signed-off-by: Jinhyung Jo --- src/plugin.c | 48 +++++++++++++++++++++++++++++++++--------------- 1 file changed, 33 insertions(+), 15 deletions(-) diff --git a/src/plugin.c b/src/plugin.c index fd6ceb8..2e257fe 100644 --- a/src/plugin.c +++ b/src/plugin.c @@ -212,6 +212,8 @@ static void request_async_cmd ( int cmd, parameters* in, int out_fd ) ret = default_plugin_async_proc ( cmd, in, out_fd ); } + release_parameters(in); + free(in); sdb_close(out_fd); } @@ -229,21 +231,31 @@ static int create_async_proc_thread( int cmd, parameters* in ) sdb_thread_t t; int s[2]; - if( sdb_socketpair(s) ) { + if (sdb_socketpair(s)) { + release_parameters(in); + free(in); D("cannot create async proc socket pair\n"); return -1; } - async_param = ( async_parameter* ) malloc(sizeof(async_parameter)); - if( async_param == NULL ) fatal("cannot allocate async_parameter"); + async_param = (async_parameter*)malloc(sizeof(async_parameter)); + if (async_param == NULL) { + release_parameters(in); + free(in); + fatal("cannot allocate async_parameter"); + return -1; + } + async_param->cmd = cmd; async_param->in = in; async_param->out_fd = s[1]; - if(sdb_thread_create( &t, async_proc_bootstrap_func, async_param)){ + if (sdb_thread_create(&t, async_proc_bootstrap_func, async_param)) { free(async_param); sdb_close(s[0]); sdb_close(s[1]); + release_parameters(in); + free(in); D("cannot create async proc thread\n"); return -1; } 
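Review bot: `request_async_cmd()` and `create_async_proc_thread()` now call `release_parameters(in)` and `free(in)` on every path, which makes heap allocation a requirement for every caller, yet nothing at either function says so. Only `request_appcmd_to_plugin()` is converted in this patch; any other caller, not visible here, that still passes the address of a local `parameters` would reach `free()` with a stack pointer. A comment above `create_async_proc_thread()` such as `/* Takes ownership of 'in': it must be malloc()ed and is released on every path, here on failure or by the worker thread. */` would record the contract, and the remaining call sites should be checked against it. Both functions start outside their hunks.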
@@ -396,27 +408,33 @@ int request_lock_state_to_plugin ( int lock_type ) // return -1 if failed to create async proc thread int request_appcmd_to_plugin ( const char* in_buf ) { - parameters in; + parameters* in; int fd; + in = (parameters*)malloc(sizeof(parameters)); + if (in == NULL) { + D("failed to allocate memory for the parameters\n"); + return -1; + } + if ( in_buf != NULL ) { - in.number_of_parameter = 1; - in.array_of_parameter = ( parameter* ) malloc ( sizeof ( parameter ) ); - if (in.array_of_parameter == NULL) { + in->number_of_parameter = 1; + in->array_of_parameter = ( parameter* ) malloc ( sizeof ( parameter ) ); + if (in->array_of_parameter == NULL) { + free(in); D("failed to allocate memory for the parameter\n"); return -1; } - in.array_of_parameter[0].type = type_string; - in.array_of_parameter[0].v_string.length = strlen ( in_buf ); - in.array_of_parameter[0].v_string.data = strdup ( in_buf ); + in->array_of_parameter[0].type = type_string; + in->array_of_parameter[0].v_string.length = strlen ( in_buf ); + in->array_of_parameter[0].v_string.data = strdup ( in_buf ); } else { - in.number_of_parameter = 0; - in.array_of_parameter = NULL; + in->number_of_parameter = 0; + in->array_of_parameter = NULL; } - fd = create_async_proc_thread( PLUGIN_ASYNC_CMD_APPCMD_SERVICE, &in ); + fd = create_async_proc_thread( PLUGIN_ASYNC_CMD_APPCMD_SERVICE, in ); - release_parameters ( &in ); return fd; } -- 2.7.4 From 1560a95a7067bd956b578a05b84f1f774e5180f0 Mon Sep 17 00:00:00 2001 From: Jinhyung Jo Date: Wed, 23 Aug 2017 13:54:15 +0900 Subject: [PATCH 12/16] package: update version (3.0.35) Change-Id: I1e8537183d81eb117354adb4f7a4b97d05b0f32f Signed-off-by: Jinhyung Jo --- packaging/sdbd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packaging/sdbd.spec b/packaging/sdbd.spec index 85d2300..c8f7e71 100644 --- a/packaging/sdbd.spec +++ b/packaging/sdbd.spec 
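Review bot: The result of `strdup ( in_buf )` is stored in `v_string.data` without a NULL check, so on allocation failure the worker thread receives a parameter whose `length` comes from `in_buf` but whose `data` is NULL. A check right after the assignment keeps that from reaching the plugin: `if (in->array_of_parameter[0].v_string.data == NULL) { free(in->array_of_parameter); free(in); return -1; }`. The two `malloc` failures earlier in this function are already handled in that way.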
@@ -2,7 +2,7 @@ Name: sdbd Summary: SDB daemon -Version: 3.0.34 +Version: 3.0.35 Release: 0 License: Apache-2.0 Summary: SDB daemon -- 2.7.4 From 87037ecc50670f4e3b6e801df933f2a90328586f Mon Sep 17 00:00:00 2001 From: Sooyoung Ha Date: Thu, 7 Sep 2017 15:33:33 +0900 Subject: [PATCH 13/16] packaging: modify user and group of tcp service Change-Id: Ia67f0da66d2326898d19e8e9effeb91c65eb3d4f Signed-off-by: Sooyoung Ha --- packaging/sdbd_tcp.service | 2 ++ 1 file changed, 2 insertions(+) diff --git a/packaging/sdbd_tcp.service b/packaging/sdbd_tcp.service index 9995740..7ff330d 100644 --- a/packaging/sdbd_tcp.service +++ b/packaging/sdbd_tcp.service @@ -3,6 +3,8 @@ Description=sdbd After=default.target [Service] +User=sdk +Group=sdk Type=forking Environment=DISPLAY=:0 #If necessary, Put Environment variable settings in a file like below -- 2.7.4 From 814003e36e1b7c4fd9a3a19b1929d67bd6c9e097 Mon Sep 17 00:00:00 2001 From: Sooyoung Ha Date: Fri, 8 Sep 2017 18:05:01 +0900 Subject: [PATCH 14/16] package: update version (3.0.36) Change-Id: I2be9a7801aa4eb64ae68a517e2eae892aeb521b4 Signed-off-by: Sooyoung Ha --- packaging/sdbd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packaging/sdbd.spec b/packaging/sdbd.spec index c8f7e71..b7ff09d 100644 --- a/packaging/sdbd.spec +++ b/packaging/sdbd.spec @@ -2,7 +2,7 @@ Name: sdbd Summary: SDB daemon -Version: 3.0.35 +Version: 3.0.36 Release: 0 License: Apache-2.0 Summary: SDB daemon -- 2.7.4 From 2906cdafd12e4414bcf261b2b7e74c97ebe6a5e7 Mon Sep 17 00:00:00 2001 From: Sooyoung Ha Date: Tue, 19 Sep 2017 11:36:33 +0900 Subject: [PATCH 15/16] secure: change insecure system function system() -> fork() + execve() Change-Id: I0a8a062013dddfbce03f11ddb6e02962775eb3e9 Signed-off-by: Sooyoung Ha --- src/sdb.c | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 50 insertions(+), 3 deletions(-) diff --git a/src/sdb.c b/src/sdb.c index 7b81403..f614bfb 100644 --- a/src/sdb.c +++ b/src/sdb.c 
@@ -1671,6 +1671,29 @@ static int init_sdk_userinfo() { return 0; } +static int safe_system(char *cmd, char *argv[], char *envp[]) { + pid_t pid; + int status; + + pid = fork(); + switch (pid) { + case -1: + return -1; + case 0: + execve(cmd, argv, envp); + D("- exec '%s' failed: (errno:%d) -\n", cmd, errno); + exit(-1); + default: + for (;;) { + pid_t p = waitpid(pid, &status, 0); + if (p == pid) { + break; + } + } + } + return 0; +} + static void init_sdk_requirements() { struct stat st; @@ -1684,11 +1707,35 @@ static void init_sdk_requirements() { if (g_sdk_home_dir != NULL && stat(g_sdk_home_dir, &st) == 0) { if (st.st_uid != g_sdk_user_id || st.st_gid != g_sdk_group_id) { - char cmd[128]; - snprintf(cmd, sizeof(cmd), "/usr/bin/chown %s:%s %s -R", SDK_USER_NAME, SDK_USER_NAME, g_sdk_home_dir); - if (system(cmd) < 0) { + char* cmd = "/usr/bin/chown"; + char params[128]; + char* envp[128]; + int envp_cnt = 0; + int i = 0; + + envp[envp_cnt++] = g_strdup("TERM=linux"); + envp[envp_cnt++] = g_strdup("DISPLAY=:0"); + envp[envp_cnt] = NULL; + + snprintf(params, sizeof(params), "%s %s:%s %s -R", cmd, SDK_USER_NAME, SDK_USER_NAME, g_sdk_home_dir); + + char* args[] = { + cmd, + params, + NULL, + }; + if (safe_system(cmd, args, envp) < 0) { D("failed to change ownership to sdk user to %s\n", g_sdk_home_dir); } + + /* free environment variables */ + if (envp_cnt > 0) { + for (i = 0; i < envp_cnt; i++) { + if (envp[i]) { + g_free(envp[i]); + } + } + } } } -- 2.7.4 From 59664783234a29d7ae553f03efa8c75afeb5c0fd Mon Sep 17 00:00:00 2001 From: Sooyoung Ha Date: Tue, 19 Sep 2017 11:37:52 +0900 Subject: [PATCH 16/16] package: update version (3.0.37) Change-Id: I19f19ba2b4acbe6b745233ff1179e6452aa3ef3e Signed-off-by: Sooyoung Ha --- packaging/sdbd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packaging/sdbd.spec b/packaging/sdbd.spec index b7ff09d..37840ee 100644 --- a/packaging/sdbd.spec +++ b/packaging/sdbd.spec 
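Review bot: `safe_system()` returns 0 whatever happens to the child, so the caller's `safe_system(cmd, args, envp) < 0` test only ever catches a failed `fork()`; the `status` filled in by `waitpid()` is never inspected. The `for (;;)` wait loop also never ends if `waitpid()` keeps failing with an error that is not transient. The child leaves through `exit(-1)`, which runs the parent's atexit handlers and stdio flushing in the forked copy. The fence retries only on `EINTR`, treats a signalled or non-zero exit as failure, and uses `_exit(127)`.

```c
static int safe_system(char *cmd, char *argv[], char *envp[]) {
    // … unchanged: declarations, fork(), case -1, execve() and its D() log …
            _exit(127);   // leave the forked child without running the parent's exit handlers
        default:
            // retry only when interrupted; any other waitpid() error ends the wait
            while (waitpid(pid, &status, 0) < 0) {
                if (errno != EINTR) {
                    return -1;
                }
            }
    }
    // a child that was killed or exited non-zero is a failure for the caller
    if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) {
        return -1;
    }
    return 0;
}
```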
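Review bot: `args` hands `execve()` the whole command line as a single `argv[1]`, because `params` is one string holding the program path, the owner, the directory and `-R`. `execve()` does no word splitting, so `chown` sees one operand and cannot change the ownership. Each argument needs its own slot: `char owner[128];`, `snprintf(owner, sizeof(owner), "%s:%s", SDK_USER_NAME, SDK_USER_NAME);`, `char* args[] = { cmd, "-R", owner, g_sdk_home_dir, NULL };`. Because `safe_system()` reports success regardless of the child's exit status, this failure is not logged either. The `g_strdup()`/`g_free()` handling of `envp` could be a plain `char* envp[] = { "TERM=linux", "DISPLAY=:0", NULL };`. The function starts outside this hunk.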
@@ -2,7 +2,7 @@ Name: sdbd Summary: SDB daemon -Version: 3.0.36 +Version: 3.0.37 Release: 0 License: Apache-2.0 Summary: SDB daemon -- 2.7.4