projects / platform / core / security / drm-service-core-tizen.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 97afad1)
Fix static analysis issues 12/270212/3 accepted/tizen_7.0_unified_hotfix tizen_7.0_hotfix accepted/tizen/7.0/unified/20221110.062811 accepted/tizen/7.0/unified/hotfix/20221116.105605 accepted/tizen/unified/20220128.144346 submit/tizen/20220126.233137 tizen_7.0_m2_release
authorTomasz Swierczek <t.swierczek@samsung.com>
Wed, 26 Jan 2022 11:09:21 +0000 (12:09 +0100)
committerTomasz Swierczek <t.swierczek@samsung.com>
Wed, 26 Jan 2022 11:33:24 +0000 (12:33 +0100)
ContentsType field in t_file_header is treated in few places as
null-terminated string. Hence, changed operations on this field
in function TADC_GetFileHeader to ensure that the null-byte stays
at the end of the table.

pstmt variable could be possibly released two times.

Change-Id: I1bf12ff63848ade2ba7dcaef5e334662c0853152

tadcore/TADCCore/TADC_Core.cpp patch | blob | history
tappsd/src/rights/DTapps2Rights.cpp patch | blob | history

diff --git a/tadcore/TADCCore/TADC_Core.cpp b/tadcore/TADCCore/TADC_Core.cpp
index a3b55f4..b2d8046 100644 (file)
--- a/tadcore/TADCCore/TADC_Core.cpp
+++ b/tadcore/TADCCore/TADC_Core.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000-2015 Samsung Electronics Co., Ltd.
+ * Copyright (c) 2000-2022 Samsung Electronics Co., Ltd.
  *
  * Licensed under the Flora License, Version 1.1 (the License);
  * you may not use this file except in compliance with the License.
@@ -1055,7 +1055,9 @@ int TADC_GetFileHeader(unsigned char *inBuffer,  T_FILE_HEADER *t_FileHeader)
        t_FileHeader->DRMType = inBuffer[i];
        i += 1;
 
-       TADC_IF_MemCpy(t_FileHeader->ContentsType, inBuffer + i, 128);
+       // ContentsType is treated as null-terminated string, hence 127
+       // (zero is added in memset in line 1024)
+       TADC_IF_MemCpy(t_FileHeader->ContentsType, inBuffer + i, 127);
        i += 128;
 
        TADC_IF_MemCpy(&t_FileHeader->TotalSize, inBuffer + i, 8);
diff --git a/tappsd/src/rights/DTapps2Rights.cpp b/tappsd/src/rights/DTapps2Rights.cpp
index 55403e0..3f4fefd 100644 (file)
--- a/tappsd/src/rights/DTapps2Rights.cpp
+++ b/tappsd/src/rights/DTapps2Rights.cpp
@@ -1198,10 +1198,10 @@ BOOL DTapps_RIGHTS_INSTALL(const char *name,
 
        DRM_TAPPS_LOG("Release Statement........");
        ret_value = DTappsStmtRelease(pstmt);
+       pstmt = NULL;
 
        if (ret_value != TRUE) {
                DRM_TAPPS_EXCEPTION("Release Statement Failed!! ret_value = %d", ret_value);
-               pstmt = NULL;
                goto Error_Exit;
        }
 
@@ -1364,10 +1364,10 @@ BOOL DTapps_RIGHTS_SELECT_ONE(const char *cid, DTAPPS_RIGHTS_ROW *row)
 
        DRM_TAPPS_LOG("Release Statement........");
        ret_value = DTappsStmtRelease(pstmt);
+       pstmt = NULL;
 
        if (ret_value != TRUE) {
                DRM_TAPPS_EXCEPTION("Release Statement Failed!! ret_value = %d", ret_value);
-               pstmt = NULL;
                goto Error_Exit;
        }
 
Domain: Security / Utilities;