diff options
author | Inkyun Kil <inkyun.kil@samsung.com> | 2021-03-19 10:12:38 +0900 |
---|---|---|
committer | Inkyun Kil <inkyun.kil@samsung.com> | 2021-03-22 09:47:09 +0900 |
commit | 80412fe9077bd4a51935038f64afdfc7e9235176 (patch) | |
tree | e1380b0614e0494873753b2f2bd5cbb4a921a30e | |
parent | 546ee7a51a72c71566c15fd634b7045c6a2ed1ad (diff) | |
download | alarm-manager-80412fe9077bd4a51935038f64afdfc7e9235176.tar.gz alarm-manager-80412fe9077bd4a51935038f64afdfc7e9235176.tar.bz2 alarm-manager-80412fe9077bd4a51935038f64afdfc7e9235176.zip |
Fix vulnerability for strncmp
The strcmp function is used when you compare the whole rather than
a part of two strings (prefix).
Change-Id: Ibb539659243fbc8b97b70f49a8362dd4ca45f61e
Signed-off-by: Inkyun Kil <inkyun.kil@samsung.com>
-rw-r--r-- | lib/alarm-lib-dbus.c | 2 | ||||
-rw-r--r-- | server/alarm-manager-util.c | 6 | ||||
-rw-r--r-- | server/alarm-manager.c | 28 |
3 files changed, 18 insertions, 18 deletions
diff --git a/lib/alarm-lib-dbus.c b/lib/alarm-lib-dbus.c index a220524..7ace21d 100644 --- a/lib/alarm-lib-dbus.c +++ b/lib/alarm-lib-dbus.c @@ -197,7 +197,7 @@ bool _send_alarm_create(alarm_context_t context, base_info_t *base_info, /*TODO: Dbus bus name validation is must & will be added to avoid alarm-server crash*/ if (context.app_service_name == NULL && strlen(dst_service_name) == 4 - && strncmp(dst_service_name, "null", 4) == 0) { + && strcmp(dst_service_name, "null") == 0) { LOGE("Invalid arg. Provide valid destination or call alarmmgr_init()\n"); if (error_code) *error_code = ERR_ALARM_INVALID_PARAM; diff --git a/server/alarm-manager-util.c b/server/alarm-manager-util.c index e3daf64..8533a9c 100644 --- a/server/alarm-manager-util.c +++ b/server/alarm-manager-util.c @@ -42,8 +42,8 @@ static int __bg_category_func(const char *name, void *user_data) { bg_category_cb_info_t *info = (bg_category_cb_info_t *)user_data; LOGD("appid[%s], bg name = %s", info->appid, name); - if (name && strncmp("enable", name, strlen(name)) && - strncmp("disable", name, strlen(name))) { + if (name && strcmp("enable", name) && + strcmp("disable", name)) { info->has_bg = true; return -1; } @@ -229,7 +229,7 @@ int _is_ui_app(const char *appid, uid_t uid) return 0; ret = pkgmgrinfo_appinfo_get_component_type(appinfo_h, &component); - if (ret == 0 && component != NULL && strncmp(component, "uiapp", 5) == 0) + if (ret == 0 && component != NULL && strcmp(component, "uiapp") == 0) found = 1; if (appinfo_h) diff --git a/server/alarm-manager.c b/server/alarm-manager.c index ddbf30a..559b898 100644 --- a/server/alarm-manager.c +++ b/server/alarm-manager.c @@ -1278,7 +1278,7 @@ static int __find_login_user(uid_t *uid) free(uids); return -1; } else { - if (!strncmp(state, "online", 6)) { + if (!strcmp(state, "online")) { *uid = uids[i]; free(uids); free(state); @@ -1723,13 +1723,13 @@ static int __on_app_enable_cb(uid_t target_uid, int req_id, __alarm_info_t *entry = NULL; bool is_restored = false; - if (key && strncmp(key, "end", 3) == 0 && val && strncmp(val, "ok", 2) == 0) { + if (key && strcmp(key, "end") == 0 && val && strcmp(val, "ok") == 0) { SECURE_LOGD("Enable appid(%s)", appid); for (gs_iter = g_disabled_alarm_list; gs_iter != NULL; ) { entry = (__alarm_info_t *)gs_iter->data; gs_iter = g_slist_next(gs_iter); - if (strncmp(appid, entry->app_unique_name, strlen(appid)) == 0) { + if (strcmp(appid, entry->app_unique_name) == 0) { _alarm_set_next_duetime(entry); SECURE_LOGD("Restore alarm_id(%d) duetime(%d) appid(%s)", entry->alarm_id, (int)(entry->due_time), appid); @@ -1763,13 +1763,13 @@ static int __on_app_disable_cb(uid_t target_uid, int req_id, __alarm_info_t *entry = NULL; bool is_disabled = false; - if (key && strncmp(key, "end", 3) == 0 && val && strncmp(val, "ok", 2) == 0) { + if (key && strcmp(key, "end") == 0 && val && strcmp(val, "ok") == 0) { SECURE_LOGD("Disable appid(%s)", appid); for (gs_iter = alarm_context.alarms; gs_iter != NULL; ) { entry = (__alarm_info_t *)gs_iter->data; gs_iter = g_slist_next(gs_iter); - if (strncmp(appid, entry->app_unique_name, strlen(appid)) == 0) { + if (strcmp(appid, entry->app_unique_name) == 0) { if (!(entry->base_info.alarm_type & ALARM_TYPE_VOLATILE)) _update_db_for_disabled_alarm(entry->alarm_id, true); g_disabled_alarm_list = g_slist_append(g_disabled_alarm_list, entry); @@ -1800,7 +1800,7 @@ static int __on_app_installed(uid_t target_uid, int req_id, const char *pkg_type if (using_rtc && GET_POWER_SAVING_MODE() == -1) return ALARMMGR_RESULT_SUCCESS; - if ((key && strncmp(key, "end", 3) != 0) || (val && strncmp(val, "ok", 2) != 0)) + if ((key && strcmp(key, "end") != 0) || (val && strcmp(val, "ok") != 0)) return ALARMMGR_RESULT_SUCCESS; if (g_slist_length(g_disabled_alarm_list) == 0) @@ -1813,8 +1813,8 @@ static int __on_app_installed(uid_t target_uid, int req_id, const char *pkg_type const char *callee_pkgid = entry->callee_pkgid; gs_iter = g_slist_next(gs_iter); - if ((caller_pkgid && strncmp(pkgid, caller_pkgid, strlen(pkgid)) == 0) || - (callee_pkgid && strncmp(pkgid, callee_pkgid, strlen(pkgid)) == 0)) { + if ((caller_pkgid && strcmp(pkgid, caller_pkgid) == 0) || + (callee_pkgid && strcmp(pkgid, callee_pkgid) == 0)) { _alarm_set_next_duetime(entry); alarm_context.alarms = g_slist_append(alarm_context.alarms, entry); g_disabled_alarm_list = g_slist_remove(g_disabled_alarm_list, entry); @@ -1847,7 +1847,7 @@ static int __on_app_uninstalled(uid_t target_uid, int req_id, const char *pkg_ty SECURE_LOGD("pkg_type(%s), pkgid(%s), key(%s), value(%s)", pkg_type, pkgid, key, val); - if ((key && strncmp(key, "end", 3) != 0) || (val && strncmp(val, "ok", 2) != 0)) + if ((key && strcmp(key, "end") != 0) || (val && strcmp(val, "ok") != 0)) return ALARMMGR_RESULT_SUCCESS; if (using_rtc) @@ -1860,8 +1860,8 @@ static int __on_app_uninstalled(uid_t target_uid, int req_id, const char *pkg_ty const char *callee_pkgid = entry->callee_pkgid; gs_iter = g_slist_next(gs_iter); - if ((caller_pkgid && strncmp(pkgid, caller_pkgid, strlen(pkgid)) == 0) || - (callee_pkgid && strncmp(pkgid, callee_pkgid, strlen(pkgid)) == 0)) { + if ((caller_pkgid && strcmp(pkgid, caller_pkgid) == 0) || + (callee_pkgid && strcmp(pkgid, callee_pkgid) == 0)) { if (_remove_from_scheduled_alarm_list(entry->uid, entry->alarm_id)) is_deleted = true; @@ -2650,7 +2650,7 @@ int alarm_manager_alarm_delete_all(GVariant *parameters, uid_t uid, pid_t pid, entry = (__alarm_info_t*)gs_iter->data; const char *tmp_appname = entry->app_unique_name; SECURE_LOGD("Try to remove app_name[%s], alarm_id[%d]\n", tmp_appname, entry->alarm_id); - if (tmp_appname && strncmp(app_name, tmp_appname, strlen(tmp_appname)) == 0) { + if (tmp_appname && strcmp(app_name, tmp_appname) == 0) { if (_remove_from_scheduled_alarm_list(uid, entry->alarm_id)) is_deleted = true; @@ -2758,7 +2758,7 @@ int alarm_manager_alarm_get_number_of_ids(uid_t uid, pid_t pid, entry = (__alarm_info_t*)gs_iter->data; SECURE_LOGD("app_name=%s, app_unique_name=%s", app_name, entry->app_unique_name); if (entry->uid == uid && - strncmp(app_name, entry->app_unique_name, strlen(app_name)) == 0) { + strcmp(app_name, entry->app_unique_name) == 0) { (_num_of_ids)++; SECURE_LOGD("inc number of alarms of app (uid:%d, pid:%d, unique_name:%s) is %d.", uid, pid, app_name, _num_of_ids); } @@ -2794,7 +2794,7 @@ int alarm_manager_alarm_get_list_of_ids(GVariant *parameters, uid_t uid, for (gs_iter = alarm_context.alarms; gs_iter != NULL; gs_iter = g_slist_next(gs_iter)) { entry = (__alarm_info_t*)gs_iter->data; if (entry->uid == uid && - strncmp(app_name, (entry->app_unique_name), strlen(app_name)) == 0) { + strcmp(app_name, (entry->app_unique_name)) == 0) { g_variant_builder_add(alarm_array, "(i)", entry->alarm_id); index++; SECURE_LOGE("called for alarmid(%d), but max_number_of_ids(%d) index %d.", entry->alarm_id, max_number_of_ids, index); |