Fix to not generate arg when length is 0

It could cause heap corruption.

Change-Id: I0fec6c50565d0af070994e6c355610221c36e185
Signed-off-by: Junghyun Yeon <jungh.yeon@samsung.com>

diff --git a/src/request.c b/src/request.c
index e973f10..bb996a7 100644 (file)
--- a/src/request.c
+++ b/src/request.c
@@ -304,21 +304,22 @@ static int __handle_request_install(uid_t caller_uid,
        for (i = 0; i < args_count; i++)
                len = len + strlen(tmp_args[i]) + 1;
 
-       args = (char *)calloc(len, sizeof(char));
-       if (args == NULL) {
-               ERR("calloc failed");
-               g_dbus_method_invocation_return_value(invocation,
-                               g_variant_new("(is)", PKGMGR_R_ENOMEM, ""));
-               ret = -1;
-               goto catch;
-       }
-
-       for (i = 0; i < args_count; i++) {
-               strncat(args, tmp_args[i], len - strlen(args) - 1);
-               if (i != args_count - 1)
-                       strncat(args, " ", len - strlen(args) - 1);
+       if (len) {
+               args = (char *)calloc(len, sizeof(char));
+               if (args == NULL) {
+                       ERR("calloc failed");
+                       g_dbus_method_invocation_return_value(invocation,
+                                       g_variant_new("(is)",
+                                                       PKGMGR_R_ENOMEM, ""));
+                       ret = -1;
+                       goto catch;
+               }
+               for (i = 0; i < args_count; i++) {
+                       strncat(args, tmp_args[i], len - strlen(args) - 1);
+                       if (i != args_count - 1)
+                               strncat(args, " ", len - strlen(args) - 1);
+               }
        }
-
        if (target_uid == (uid_t)-1 || pkgpath == NULL) {
                g_dbus_method_invocation_return_value(invocation,
                                g_variant_new("(is)", PKGMGR_R_ECOMM, ""));
@@ -393,22 +394,22 @@ static int __handle_request_mount_install(uid_t caller_uid,
 
        for (i = 0; i < args_count; i++)
                len = len + strlen(tmp_args[i]) + 1;
-
-       args = (char *)calloc(len, sizeof(char));
-       if (args == NULL) {
-               ERR("calloc failed");
-               g_dbus_method_invocation_return_value(invocation,
-                               g_variant_new("(is)", PKGMGR_R_ENOMEM, ""));
-               ret = -1;
-               goto catch;
-       }
-
-       for (i = 0; i < args_count; i++) {
-               strncat(args, tmp_args[i], len - strlen(args) - 1);
-               if (i != args_count - 1)
-                       strncat(args, " ", len - strlen(args) - 1);
+       if (len) {
+               args = (char *)calloc(len, sizeof(char));
+               if (args == NULL) {
+                       ERR("calloc failed");
+                       g_dbus_method_invocation_return_value(invocation,
+                                       g_variant_new("(is)",
+                                                       PKGMGR_R_ENOMEM, ""));
+                       ret = -1;
+                       goto catch;
+               }
+               for (i = 0; i < args_count; i++) {
+                       strncat(args, tmp_args[i], len - strlen(args) - 1);
+                       if (i != args_count - 1)
+                               strncat(args, " ", len - strlen(args) - 1);
+               }
        }
-
        if (target_uid == (uid_t)-1 || pkgpath == NULL) {
                g_dbus_method_invocation_return_value(invocation,
                                g_variant_new("(is)", PKGMGR_R_ECOMM, ""));