From: Sangyoon Jang Date: Wed, 19 Jul 2017 12:36:30 +0000 (+0900) Subject: Fix misusing of strncat X-Git-Tag: accepted/tizen/unified/20170724.020231~2 X-Git-Url: http://review.tizen.org/git/?p=platform%2Fcore%2Fappfw%2Fpkgmgr-info.git;a=commitdiff_plain;h=5218d7d63794f4d3a066989a110857cb55f58579 Fix misusing of strncat Change-Id: Id7f80647efc65d4e989837a455770784176ed45d Signed-off-by: Sangyoon Jang --- diff --git a/src/pkgmgrinfo_appinfo.c b/src/pkgmgrinfo_appinfo.c index 413e533..e56c602 100644 --- a/src/pkgmgrinfo_appinfo.c +++ b/src/pkgmgrinfo_appinfo.c @@ -57,7 +57,6 @@ static int _get_filtered_query(pkgmgrinfo_filter_x *filter, const char *locale, uid_t uid, char **query, GList **bind_params) { int joined = 0; - size_t len = 0; char *condition = NULL; char buf[MAX_QUERY_LEN] = { '\0' }; char tmp_query[MAX_QUERY_LEN] = { '\0' }; @@ -65,65 +64,48 @@ static int _get_filtered_query(pkgmgrinfo_filter_x *filter, if (!filter) return PMINFO_R_OK; - strncat(buf, " WHERE 1=1", MAX_QUERY_LEN - len - 1); - len += strlen(" WHERE 1=1"); + strncat(buf, " WHERE 1=1", sizeof(buf) - strlen(buf) - 1); for (list = filter->list; list; list = list->next) { joined |= __get_filter_condition(list->data, uid, &condition, bind_params); if (condition == NULL) continue; - strncat(buf, " AND ", MAX_QUERY_LEN - len - 1); - len += strlen(" AND "); + strncat(buf, " AND ", sizeof(buf) - strlen(buf) - 1); - strncat(buf, condition, sizeof(buf) - len - 1); - len += strlen(condition); + strncat(buf, condition, sizeof(buf) - strlen(buf) - 1); free(condition); condition = NULL; } - if (filter->list_metadata) { - strncat(buf, " AND (", MAX_QUERY_LEN - len - 1); - len += strlen(" AND ("); - } + if (filter->list_metadata) + strncat(buf, " AND (", sizeof(buf) - strlen(buf) - 1); for (list = filter->list_metadata; list; list = list->next) { joined |= __get_metadata_filter_condition(list->data, &condition, bind_params); if (condition == NULL) continue; - strncat(buf, condition, sizeof(buf) - len - 1); - len += strlen(condition); + strncat(buf, condition, sizeof(buf) - strlen(buf) - 1); free(condition); condition = NULL; - strncat(buf, " OR ", MAX_QUERY_LEN - len - 1); - len += strlen(" OR "); - } - if (filter->list_metadata) { - strncat(buf, "1=0)", MAX_QUERY_LEN - len - 1); - len += strlen("1=0)"); + strncat(buf, " OR ", sizeof(buf) - strlen(buf) - 1); } + if (filter->list_metadata) + strncat(buf, "1=0)", sizeof(buf) - strlen(buf) - 1); if (joined & E_PMINFO_APPINFO_JOIN_LOCALIZED_INFO) { - strncat(tmp_query, join_localized_info, MAX_QUERY_LEN - len - 1); - len += strlen(join_localized_info); + strncat(tmp_query, join_localized_info, sizeof(tmp_query) - strlen(tmp_query) - 1); *bind_params = g_list_append(*bind_params, strdup(locale)); } - if (joined & E_PMINFO_APPINFO_JOIN_CATEGORY) { - strncat(tmp_query, join_category, MAX_QUERY_LEN - len - 1); - len += strlen(join_category); - } - if (joined & E_PMINFO_APPINFO_JOIN_APP_CONTROL) { - strncat(tmp_query, join_app_control, MAX_QUERY_LEN - len - 1); - len += strlen(join_app_control); - } - if (joined & E_PMINFO_APPINFO_JOIN_METADATA) { - strncat(tmp_query, join_metadata, MAX_QUERY_LEN - len - 1); - len += strlen(join_metadata); - } + if (joined & E_PMINFO_APPINFO_JOIN_CATEGORY) + strncat(tmp_query, join_category, sizeof(tmp_query) - strlen(tmp_query) - 1); + if (joined & E_PMINFO_APPINFO_JOIN_APP_CONTROL) + strncat(tmp_query, join_app_control, sizeof(tmp_query) - strlen(tmp_query) - 1); + if (joined & E_PMINFO_APPINFO_JOIN_METADATA) + strncat(tmp_query, join_metadata, sizeof(tmp_query) - strlen(tmp_query) - 1); - strncat(tmp_query, buf, MAX_QUERY_LEN - len - 1); - len += strlen(buf); + strncat(tmp_query, buf, sizeof(tmp_query) - strlen(tmp_query) - 1); *query = strdup(tmp_query); if (*query == NULL) @@ -487,7 +469,6 @@ static int _appinfo_get_applications(uid_t db_uid, uid_t uid, "ON (ai.app_id=ui.app_id AND ui.uid=?)"; int ret = PMINFO_R_ERROR; int idx; - int len = 0; char *dbpath; char *bg_category_str = NULL; char *constraint = NULL; @@ -513,23 +494,18 @@ static int _appinfo_get_applications(uid_t db_uid, uid_t uid, } free(dbpath); - len = strlen(query_raw); snprintf(query, MAX_QUERY_LEN - 1, "%s", query_raw); if (flag & PMINFO_APPINFO_GET_BASICINFO) { - strncat(query, query_basic, MAX_QUERY_LEN - len - 1); - len += strlen(query_basic); - strncat(query, query_uid_info, MAX_QUERY_LEN - len - 1); - len += strlen(query_uid_info); + strncat(query, query_basic, sizeof(query) - strlen(query) - 1); + strncat(query, query_uid_info, sizeof(query) - strlen(query) - 1); } if (flag & PMINFO_APPINFO_GET_LABEL) { - strncat(query, query_label, MAX_QUERY_LEN - len - 1); - len += strlen(query_label); + strncat(query, query_label, sizeof(query) - strlen(query) - 1); bind_params = g_list_append(bind_params, strdup(locale)); } if (flag & PMINFO_APPINFO_GET_ICON) { - strncat(query, query_icon, MAX_QUERY_LEN - len - 1); - len += strlen(query_icon); + strncat(query, query_icon, sizeof(query) - strlen(query) - 1); bind_params = g_list_append(bind_params, strdup(locale)); } @@ -543,14 +519,12 @@ static int _appinfo_get_applications(uid_t db_uid, uid_t uid, LOGE("Failed to get WHERE clause"); goto catch; } - strncat(query, query_from_clause, MAX_QUERY_LEN - len - 1); - len += strlen(query_from_clause); + strncat(query, query_from_clause, sizeof(query) - strlen(query) - 1); - strncat(query, query_uid_info_clause, MAX_QUERY_LEN - len - 1); - len += strlen(query_uid_info_clause); + strncat(query, query_uid_info_clause, sizeof(query) - strlen(query) - 1); if (constraint) - strncat(query, constraint, MAX_QUERY_LEN - len - 1); + strncat(query, constraint, sizeof(query) - strlen(query) - 1); ret = sqlite3_prepare_v2(db, query, strlen(query), &stmt, NULL); if (ret != SQLITE_OK) { diff --git a/src/pkgmgrinfo_pkginfo.c b/src/pkgmgrinfo_pkginfo.c index a33d1ce..a5b47d6 100644 --- a/src/pkgmgrinfo_pkginfo.c +++ b/src/pkgmgrinfo_pkginfo.c @@ -234,39 +234,32 @@ static int _get_filtered_query(pkgmgrinfo_filter_x *filter, char buf[MAX_QUERY_LEN] = { '\0' }; char buf2[MAX_QUERY_LEN] = { '\0' }; char *condition = NULL; - size_t len = 0; GSList *list = NULL; if (filter == NULL) return PMINFO_R_OK; - strncat(buf, " WHERE 1=1 ", MAX_QUERY_LEN - len - 1); - len += strlen(" WHERE 1=1 "); + snprintf(buf, sizeof(buf), "%s", " WHERE 1=1 "); for (list = filter->list; list; list = list->next) { joined |= __get_filter_condition(list->data, uid, &condition, bind_params); if (condition == NULL) continue; - strncat(buf, " AND ", MAX_QUERY_LEN - len - 1); - len += strlen(" AND "); + strncat(buf, " AND ", sizeof(buf) - strlen(buf) - 1); - strncat(buf, condition, sizeof(buf) - len - 1); - len += strlen(condition); + strncat(buf, condition, sizeof(buf) - strlen(buf) - 1); free(condition); condition = NULL; } if (joined & E_PMINFO_PKGINFO_JOIN_LOCALIZED_INFO) { - strncat(buf2, join_localized_info, MAX_QUERY_LEN - len - 1); - len += strlen(join_localized_info); + strncat(buf2, join_localized_info, sizeof(buf2) - strlen(buf2) - 1); *bind_params = g_list_append(*bind_params, strdup(locale)); } - if (joined & E_PMINFO_PKGINFO_JOIN_PRIVILEGE_INFO) { - strncat(buf2, join_privilege_info, MAX_QUERY_LEN - len - 1); - len += strlen(join_privilege_info); - } - strncat(buf2, buf, MAX_QUERY_LEN - len - 1); + if (joined & E_PMINFO_PKGINFO_JOIN_PRIVILEGE_INFO) + strncat(buf2, join_privilege_info, sizeof(buf2) - strlen(buf2) - 1); + strncat(buf2, buf, sizeof(buf2) - strlen(buf2) - 1); *query = strdup(buf2); if (*query == NULL) @@ -365,7 +358,6 @@ static int _pkginfo_get_packages(uid_t uid, const char *locale, static const char query_from_clause[] = " FROM package_info as pi"; int ret = PMINFO_R_ERROR; int idx = 0; - int query_len = 0; char *dbpath; char *tmp_record = NULL; char *constraints = NULL; @@ -403,34 +395,25 @@ static int _pkginfo_get_packages(uid_t uid, const char *locale, is_check_storage = __check_package_storage_status(tmp_filter); - query_len = strlen(query_raw); snprintf(query, MAX_QUERY_LEN - 1, "%s", query_raw); - if (flag & PMINFO_APPINFO_GET_BASICINFO) { - strncat(query, query_basic, MAX_QUERY_LEN - query_len - 1); - query_len += strlen(query_basic); - } - if (flag & PMINFO_PKGINFO_GET_AUTHOR) { - strncat(query, query_author, MAX_QUERY_LEN - query_len - 1); - query_len += strlen(query_author); - } + if (flag & PMINFO_APPINFO_GET_BASICINFO) + strncat(query, query_basic, sizeof(query) - strlen(query) - 1); + if (flag & PMINFO_PKGINFO_GET_AUTHOR) + strncat(query, query_author, sizeof(query) - strlen(query) - 1); if (flag & PMINFO_PKGINFO_GET_LABEL) { - strncat(query, query_label, MAX_QUERY_LEN - query_len - 1); - query_len += strlen(query_label); + strncat(query, query_label, sizeof(query) - strlen(query) - 1); bind_params = g_list_append(bind_params, strdup(locale)); } if (flag & PMINFO_PKGINFO_GET_ICON) { - strncat(query, query_icon, MAX_QUERY_LEN - query_len - 1); - query_len += strlen(query_icon); + strncat(query, query_icon, sizeof(query) - strlen(query) - 1); bind_params = g_list_append(bind_params, strdup(locale)); } if (flag & PMINFO_PKGINFO_GET_DESCRIPTION) { - strncat(query, query_description, MAX_QUERY_LEN - query_len - 1); - query_len += strlen(query_description); + strncat(query, query_description, sizeof(query) - strlen(query) - 1); bind_params = g_list_append(bind_params, strdup(locale)); } - strncat(query, query_from_clause, MAX_QUERY_LEN - query_len - 1); - query_len += strlen(query_from_clause); + strncat(query, query_from_clause, sizeof(query) - strlen(query) - 1); ret = _get_filtered_query(tmp_filter, locale, uid, &constraints, &bind_params); if (ret != PMINFO_R_OK) { @@ -439,7 +422,7 @@ static int _pkginfo_get_packages(uid_t uid, const char *locale, } if (constraints) - strncat(query, constraints, MAX_QUERY_LEN - query_len - 1); + strncat(query, constraints, sizeof(query) - strlen(query) - 1); ret = sqlite3_prepare_v2(db, query, strlen(query), &stmt, NULL); if (ret != SQLITE_OK) { diff --git a/src/pkgmgrinfo_private.c b/src/pkgmgrinfo_private.c index 121a658..cea1f68 100644 --- a/src/pkgmgrinfo_private.c +++ b/src/pkgmgrinfo_private.c @@ -246,7 +246,6 @@ int __get_filter_condition(gpointer data, uid_t uid, char **condition, GList **p char *value; char *ptr = NULL; char *saveptr = NULL; - size_t len = 0; switch (node->prop) { case E_PMINFO_PKGINFO_PROP_PACKAGE_ID: @@ -345,16 +344,13 @@ int __get_filter_condition(gpointer data, uid_t uid, char **condition, GList **p free(value); return 0; } - strncat(buf, "?", MAX_QUERY_LEN - len - 1); - len += strlen("?"); + strncat(buf, "?", sizeof(buf) - strlen(buf) - 1); *params = g_list_append(*params, strdup(ptr)); while ((ptr = strtok_r(NULL, ",", &saveptr))) { - strncat(buf, ", ?", MAX_QUERY_LEN - len - 1); - len += strlen(", ?"); + strncat(buf, ", ?", sizeof(buf) - strlen(buf) - 1); *params = g_list_append(*params, strdup(ptr)); } - strncat(buf, ")", MAX_QUERY_LEN - len - 1); - len += strlen("?"); + strncat(buf, ")", sizeof(buf) - strlen(buf) - 1); *condition = strdup(buf); flag = E_PMINFO_APPINFO_JOIN_CATEGORY; free(value); @@ -432,17 +428,12 @@ int __get_metadata_filter_condition(gpointer data, char **condition, { pkgmgrinfo_metadata_node_x *node = (pkgmgrinfo_metadata_node_x *)data; char buf[MAX_QUERY_LEN]; - size_t len = 0; snprintf(buf, sizeof(buf), "(package_app_app_metadata.md_key=?"); - len += strlen("(package_app_app_metadata.md_key=?"); - if (node->value) { + if (node->value) strncat(buf, " AND package_app_app_metadata.md_value=?", - sizeof(buf) - len - 1); - len += strlen(" AND package_app_app_metadata.md_value=?"); - } - strncat(buf, ")", sizeof(buf) - len - 1); - len += strlen(")"); + sizeof(buf) - strlen(buf) - 1); + strncat(buf, ")", sizeof(buf) - strlen(buf) - 1); *condition = strdup(buf); *params = g_list_append(*params, strdup(node->key));