Fix memory leak, insecure code 71/60971/3
authorSangyoon Jang <s89.jang@samsung.com>
Thu, 3 Mar 2016 06:57:21 +0000 (15:57 +0900)
committerSangyoon Jang <s89.jang@samsung.com>
Fri, 4 Mar 2016 02:15:19 +0000 (11:15 +0900)
- Free reqkey when failed.
- Use snprintf instead of sprintf.

Change-Id: Ia50c2dd0bb602d1ccbd773a8275cf072aec9d027
Signed-off-by: Sangyoon Jang <s89.jang@samsung.com>
src/pkgmgr-server.c
src/request.c

index d0dfa91..e80b463 100644 (file)
@@ -599,7 +599,7 @@ int set_environement(user_ctx *ctx)
        return res;
 }
 
-user_ctxget_user_context(uid_t uid)
+user_ctx *get_user_context(uid_t uid)
 {
        /* we can use getpwnam because this is used only after a
         * fork and just before an execv
@@ -608,9 +608,10 @@ user_ctx* get_user_context(uid_t uid)
         */
        user_ctx *context_res;
        char **env = NULL;
-       struct passwd * pwd;
+       struct passwd *pwd;
        int len;
        int ret = 0;
+       int i;
 
        pwd = getpwuid(uid);
        if (!pwd)
@@ -622,34 +623,33 @@ user_ctx* get_user_context(uid_t uid)
                        ret = -1;
                        break;
                }
-               env = (char**)malloc(3* sizeof(char *));
+               env = (char **)malloc(3 * sizeof(char *));
                if (!env) {
                        ret = -1;
                        break;
                }
                // Build environment context
-               len = snprintf(NULL,0, "HOME=%s", pwd->pw_dir);
-               env[0] = (char*)malloc((len + 1)* sizeof(char));
+               len = snprintf(NULL, 0, "HOME=%s", pwd->pw_dir);
+               env[0] = (char *)malloc((len + 1) * sizeof(char));
                if(env[0] == NULL) {
                        ret = -1;
                        break;
                }
-               sprintf(env[0], "HOME=%s", pwd->pw_dir);
-               len = snprintf(NULL,0, "USER=%s", pwd->pw_name);
-               env[1] = (char*)malloc((len + 1)* sizeof(char));
+               snprintf(env[0], len + 1, "HOME=%s", pwd->pw_dir);
+               len = snprintf(NULL, 0, "USER=%s", pwd->pw_name);
+               env[1] = (char *)malloc((len + 1) * sizeof(char));
                if(env[1] == NULL) {
                        ret = -1;
                        break;
                }
-
-               sprintf(env[1], "USER=%s", pwd->pw_name);
+               snprintf(env[1], len + 1, "USER=%s", pwd->pw_name);
                env[2] = NULL;
        } while (0);
 
        if (ret == -1) {
                free(context_res);
                context_res = NULL;
-               int i = 0;
+               i = 0;
                //env variable ends by NULL element
                while (env && env[i]) {
                        free(env[i]);
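Review bot: The two sizing calls `len = snprintf(NULL, 0, ...)` are used without checking for a negative return, so on a formatting error `len + 1` can be 0 and the following `snprintf(env[0], len + 1, ...)` writes nothing, not even a terminator. If `malloc(0)` then returns non-NULL, an unterminated buffer ends up in `env`, which is presumably handed to the child as its environment. Adding `if (len < 0) { ret = -1; break; }` after each sizing call sends that case through the existing cleanup path. As a style point, the `(char *)` and `(char **)` casts on `malloc` are unnecessary in C, and the identical size/allocate/format sequence for `HOME=` and `USER=` could live in one small static helper. The function starts before this hunk and the cleanup loop continues past its end.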
@@ -680,8 +680,7 @@ static char **__generate_argv(const char *args)
        GError *gerr = NULL;
        int i;
 
-       ret_parse = g_shell_parse_argv(args,
-                       &argcp, &argvp, &gerr);
+       ret_parse = g_shell_parse_argv(args, &argcp, &argvp, &gerr);
        if (FALSE == ret_parse) {
                DBG("Failed to split args: %s", args);
                DBG("messsage: %s", gerr->message);
index e1ed522..1053847 100644 (file)
@@ -599,7 +599,6 @@ static int __handle_request_cleardata(uid_t uid,
        uid_t target_uid = (uid_t)-1;
        char *pkgtype = NULL;
        char *pkgid = NULL;
-       char *reqkey = NULL;
 
        g_variant_get(parameters, "(u&s&s)", &target_uid, &pkgtype, &pkgid);
        if (target_uid == (uid_t)-1 || pkgtype == NULL || pkgid == NULL) {
@@ -608,11 +607,7 @@ static int __handle_request_cleardata(uid_t uid,
                return -1;
        }
 
-       reqkey = __generate_reqkey(pkgid);
-       if (reqkey == NULL)
-               return -1;
-
-       if (_pm_queue_push(target_uid, reqkey, PKGMGR_REQUEST_TYPE_CLEARDATA, pkgtype,
+       if (_pm_queue_push(target_uid, "", PKGMGR_REQUEST_TYPE_CLEARDATA, pkgtype,
                                pkgid, "")) {
                g_dbus_method_invocation_return_value(invocation,
                                g_variant_new("(i)", PKGMGR_R_ESYSTEM));
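Review bot: The request-key argument of `_pm_queue_push` is now the literal `""` for clear-data requests, which goes further than the "Free reqkey when failed" in the commit message: the key is no longer generated at all, while the blacklist handlers later in this file keep theirs and free it on the failure branch. If anything downstream uses the key to correlate a queued request with its result or its log entries (not visible here), clear-data requests become indistinguishable from one another, which also makes auditing a privileged data-wipe operation harder. If dropping the key is intended, I would say so above the call, e.g. `/* cleardata does not report back by request key, so none is generated */`, and mention the change in the commit description. The handler's body continues outside this hunk.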
@@ -839,6 +834,7 @@ static int __handle_request_add_blacklist(uid_t uid,
                                "pkg", pkgid, "")) {
                g_dbus_method_invocation_return_value(invocation,
                                g_variant_new("(i)", PKGMGR_R_ESYSTEM));
+               free(reqkey);
                return -1;
        }
 
@@ -875,6 +871,7 @@ static int __handle_request_remove_blacklist(uid_t uid,
                                "pkg", pkgid, "")) {
                g_dbus_method_invocation_return_value(invocation,
                                g_variant_new("(i)", PKGMGR_R_ESYSTEM));
+               free(reqkey);
                return -1;
        }
 
@@ -911,6 +908,7 @@ static int __handle_request_check_blacklist(uid_t uid,
                                "pkg", pkgid, "")) {
                g_dbus_method_invocation_return_value(invocation,
                                g_variant_new("(i)", PKGMGR_R_ESYSTEM));
+               free(reqkey);
                return -1;
        }