projects / platform / core / appfw / message-port.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1365c86)
Fix tainted int 68/74868/1 accepted/tizen/ivi/20160623.121957 accepted/tizen/mobile/20160623.121920 accepted/tizen/tv/20160623.121927 accepted/tizen/wearable/20160623.121940 submit/tizen/20160622.083438 submit/tizen_common/20160703.163500 submit/tizen_common/20160703.163502 submit/tizen_common/20160703.182952
authorHyunho Kang <hhstark.kang@samsung.com>
Thu, 16 Jun 2016 02:30:01 +0000 (11:30 +0900)
committerHyunho Kang <hhstark.kang@samsung.com>
Thu, 16 Jun 2016 02:30:33 +0000 (11:30 +0900)
Change-Id: I4b7f89fc432b2b4203370633cb76b263a6717db9
Signed-off-by: Hyunho Kang <hhstark.kang@samsung.com>
src/message-port.c patch | blob | history

diff --git a/src/message-port.c b/src/message-port.c
index a43ba36..4d4699f 100755 (executable)
--- a/src/message-port.c
+++ b/src/message-port.c
@@ -579,7 +579,7 @@ static int __read_string_from_socket(int fd, char **buffer, int *string_len)
                LOGE("read socket fail");
                return MESSAGEPORT_ERROR_IO_ERROR;
        }
-       if (*string_len > 0) {
+       if (*string_len > 0 && *string_len < MAX_MESSAGE_SIZE) {
                *buffer = (char *)calloc(*string_len, sizeof(char));
                if (*buffer == NULL) {
                        LOGE("Out of memory.");
@@ -589,6 +589,9 @@ static int __read_string_from_socket(int fd, char **buffer, int *string_len)
                        LOGE("read socket fail");
                        return MESSAGEPORT_ERROR_IO_ERROR;
                }
+       } else {
+               LOGE("Invalid string len %d", &string_len);
+               return MESSAGEPORT_ERROR_IO_ERROR;
        }
        return MESSAGEPORT_ERROR_NONE;
 }
Domain: App Framework / Application Communication;