From: Junghyun Yeon <jungh.yeon@samsung.com>
Date: Thu, 25 Jan 2018 07:08:28 +0000 (+0900)
Subject: Fix to not generate arg when length is 0
X-Git-Tag: accepted/tizen/unified/20180205.060507~2
X-Git-Url: http://review.tizen.org/git/?p=platform%2Fcore%2Fappfw%2Fpkgmgr-server.git;a=commitdiff_plain;h=82c0b31510317332cfb97362622d59387db49c7e

Fix to not generate arg when length is 0

It could cause heap corruption.

Change-Id: I0fec6c50565d0af070994e6c355610221c36e185
Signed-off-by: Junghyun Yeon <jungh.yeon@samsung.com>
---

diff --git a/src/request.c b/src/request.c
index e973f10..bb996a7 100644
--- a/src/request.c
+++ b/src/request.c
@@ -304,21 +304,22 @@ static int __handle_request_install(uid_t caller_uid,
 	for (i = 0; i < args_count; i++)
 		len = len + strlen(tmp_args[i]) + 1;
 
-	args = (char *)calloc(len, sizeof(char));
-	if (args == NULL) {
-		ERR("calloc failed");
-		g_dbus_method_invocation_return_value(invocation,
-				g_variant_new("(is)", PKGMGR_R_ENOMEM, ""));
-		ret = -1;
-		goto catch;
-	}
-
-	for (i = 0; i < args_count; i++) {
-		strncat(args, tmp_args[i], len - strlen(args) - 1);
-		if (i != args_count - 1)
-			strncat(args, " ", len - strlen(args) - 1);
+	if (len) {
+		args = (char *)calloc(len, sizeof(char));
+		if (args == NULL) {
+			ERR("calloc failed");
+			g_dbus_method_invocation_return_value(invocation,
+					g_variant_new("(is)",
+							PKGMGR_R_ENOMEM, ""));
+			ret = -1;
+			goto catch;
+		}
+		for (i = 0; i < args_count; i++) {
+			strncat(args, tmp_args[i], len - strlen(args) - 1);
+			if (i != args_count - 1)
+				strncat(args, " ", len - strlen(args) - 1);
+		}
 	}
-
 	if (target_uid == (uid_t)-1 || pkgpath == NULL) {
 		g_dbus_method_invocation_return_value(invocation,
 				g_variant_new("(is)", PKGMGR_R_ECOMM, ""));
@@ -393,22 +394,22 @@ static int __handle_request_mount_install(uid_t caller_uid,
 
 	for (i = 0; i < args_count; i++)
 		len = len + strlen(tmp_args[i]) + 1;
-
-	args = (char *)calloc(len, sizeof(char));
-	if (args == NULL) {
-		ERR("calloc failed");
-		g_dbus_method_invocation_return_value(invocation,
-				g_variant_new("(is)", PKGMGR_R_ENOMEM, ""));
-		ret = -1;
-		goto catch;
-	}
-
-	for (i = 0; i < args_count; i++) {
-		strncat(args, tmp_args[i], len - strlen(args) - 1);
-		if (i != args_count - 1)
-			strncat(args, " ", len - strlen(args) - 1);
+	if (len) {
+		args = (char *)calloc(len, sizeof(char));
+		if (args == NULL) {
+			ERR("calloc failed");
+			g_dbus_method_invocation_return_value(invocation,
+					g_variant_new("(is)",
+							PKGMGR_R_ENOMEM, ""));
+			ret = -1;
+			goto catch;
+		}
+		for (i = 0; i < args_count; i++) {
+			strncat(args, tmp_args[i], len - strlen(args) - 1);
+			if (i != args_count - 1)
+				strncat(args, " ", len - strlen(args) - 1);
+		}
 	}
-
 	if (target_uid == (uid_t)-1 || pkgpath == NULL) {
 		g_dbus_method_invocation_return_value(invocation,
 				g_variant_new("(is)", PKGMGR_R_ECOMM, ""));