From 338aac123c9b852c66d3b00cf2469c392ba616c6 Mon Sep 17 00:00:00 2001 From: Hwankyu Jhun Date: Wed, 7 Jun 2017 12:14:32 +0900 Subject: Prevent buffer overflow Change-Id: I80053a8fd20b7554b2ffeeede9dbcc561469e922 Signed-off-by: Hwankyu Jhun (cherry picked from commit 9ac2e32ca697d14bb49e33dd7993f1017c3c4178) --- inc/launchpad_common.h | 7 ++++++ src/debugger_info.c | 32 ++++++++++++------------ src/launcher_info.c | 32 ++++++++++++------------ src/loader_info.c | 66 ++++++++++++++++++++++++++++---------------------- 4 files changed, 76 insertions(+), 61 deletions(-) diff --git a/inc/launchpad_common.h b/inc/launchpad_common.h index a2a95ad..2c3fa75 100644 --- a/inc/launchpad_common.h +++ b/inc/launchpad_common.h @@ -58,6 +58,13 @@ #define _D(fmt, arg...) LOGD(fmt, ##arg) #define _W(fmt, arg...) LOGW(fmt, ##arg) +#define FREE_AND_NULL(x) do { \ + if (x) { \ + free(x); \ + x = NULL; \ + } \ +} while (0) + enum loader_arg { LOADER_ARG_PATH, LOADER_ARG_TYPE, diff --git a/src/debugger_info.c b/src/debugger_info.c index 9c13a04..fdc74c5 100644 --- a/src/debugger_info.c +++ b/src/debugger_info.c @@ -93,17 +93,11 @@ static void __parse_app_types(struct debugger_info_s *info, char *line) { char *token; char *saveptr = NULL; - char tok[LINE_MAX]; - token = strtok_r(line, "|", &saveptr); + token = strtok_r(line, "\t |\n", &saveptr); while (token) { - tok[0] = '\0'; - sscanf(token, "%s", tok); - if (tok[0] != '\0' && strcasecmp(tok, "null") != 0) { - info->app_types = g_list_append(info->app_types, - strdup(tok)); - } - token = strtok_r(NULL, "|", &saveptr); + info->app_types = g_list_append(info->app_types, strdup(token)); + token = strtok_r(NULL, "\t |\n", &saveptr); } } @@ -111,8 +105,8 @@ static GList *__parse_file(GList *list, const char *path) { FILE *fp; char buf[LINE_MAX]; - char tok1[LINE_MAX]; - char tok2[LINE_MAX]; + char *tok1 = NULL; + char *tok2 = NULL; struct debugger_info_s *info = NULL; fp = fopen(path, "rt"); @@ -120,11 +114,10 @@ static GList *__parse_file(GList *list, const char *path) return list; while (fgets(buf, sizeof(buf), fp) != NULL) { - tok1[0] = '\0'; - tok2[0] = '\0'; - sscanf(buf, "%s %s", tok1, tok2); - - if (strcasecmp(TAG_DEBUGGER, tok1) == 0) { + FREE_AND_NULL(tok1); + FREE_AND_NULL(tok2); + sscanf(buf, "%ms %ms", &tok1, &tok2); + if (tok1 && strcasecmp(TAG_DEBUGGER, tok1) == 0) { if (info) { _D("name: %s, exe: %s", info->name, info->exe); list = g_list_append(list, info); @@ -137,6 +130,8 @@ static GList *__parse_file(GList *list, const char *path) continue; } + if (!tok1 || !tok2) + continue; if (tok1[0] == '\0' || tok2[0] == '\0' || tok1[0] == '#') continue; if (info == NULL) @@ -200,6 +195,11 @@ static GList *__parse_file(GList *list, const char *path) list = g_list_append(list, info); } + if (tok1) + free(tok1); + if (tok2) + free(tok2); + return list; } diff --git a/src/launcher_info.c b/src/launcher_info.c index 06b46ab..4e57459 100644 --- a/src/launcher_info.c +++ b/src/launcher_info.c @@ -73,17 +73,11 @@ static void __parse_app_types(struct launcher_info_s *info, char *line) { char *token; char *saveptr = NULL; - char tok[LINE_MAX]; - token = strtok_r(line, "|", &saveptr); + token = strtok_r(line, "\t |\n", &saveptr); while (token) { - tok[0] = '\0'; - sscanf(token, "%s", tok); - if (tok[0] != '\0' && strcasecmp(tok, "null") != 0) { - info->app_types = g_list_append(info->app_types, - strdup(tok)); - } - token = strtok_r(NULL, "|", &saveptr); + info->app_types = g_list_append(info->app_types, strdup(token)); + token = strtok_r(NULL, "\t |\n", &saveptr); } } @@ -91,8 +85,8 @@ static GList *__parse_file(GList *list, const char *path) { FILE *fp; char buf[LINE_MAX]; - char tok1[LINE_MAX]; - char tok2[LINE_MAX]; + char *tok1 = NULL; + char *tok2 = NULL; struct launcher_info_s *info = NULL; fp = fopen(path, "rt"); @@ -100,11 +94,10 @@ static GList *__parse_file(GList *list, const char *path) return list; while (fgets(buf, sizeof(buf), fp) != NULL) { - tok1[0] = '\0'; - tok2[0] = '\0'; - sscanf(buf, "%s %s", tok1, tok2); - - if (strcasecmp(TAG_LAUNCHER, tok1) == 0) { + FREE_AND_NULL(tok1); + FREE_AND_NULL(tok2); + sscanf(buf, "%ms %ms", &tok1, &tok2); + if (tok1 && strcasecmp(TAG_LAUNCHER, tok1) == 0) { if (info) { _D("name: %s, exe: %s", info->name, info->exe); list = g_list_append(list, info); @@ -117,6 +110,8 @@ static GList *__parse_file(GList *list, const char *path) continue; } + if (!tok1 || !tok2) + continue; if (tok1[0] == '\0' || tok2[0] == '\0' || tok1[0] == '#') continue; if (info == NULL) @@ -163,6 +158,11 @@ static GList *__parse_file(GList *list, const char *path) list = g_list_append(list, info); } + if (tok1) + free(tok1); + if (tok2) + free(tok2); + return list; } diff --git a/src/loader_info.c b/src/loader_info.c index c0ded9f..181fb6f 100644 --- a/src/loader_info.c +++ b/src/loader_info.c @@ -63,20 +63,18 @@ static void __parse_detection_method(loader_info_t *info, char *line) { char *token; char *savedptr; - char refined_tok[LINE_MAX]; - token = strtok_r(line, "|", &savedptr); + token = strtok_r(line, "\t |\n", &savedptr); info->detection_method = 0; while (token) { - sscanf(token, "%s", refined_tok); - if (!strcmp(refined_tok, VAL_METHOD_TIMEOUT)) + if (!strcmp(token, VAL_METHOD_TIMEOUT)) info->detection_method |= METHOD_TIMEOUT; - if (!strcmp(refined_tok, VAL_METHOD_VISIBILITY)) + else if (!strcmp(token, VAL_METHOD_VISIBILITY)) info->detection_method |= METHOD_VISIBILITY; - if (!strcmp(refined_tok, VAL_METHOD_DEMAND)) + else if (!strcmp(token, VAL_METHOD_DEMAND)) info->detection_method |= METHOD_DEMAND; - token = strtok_r(NULL, "|", &savedptr); + token = strtok_r(NULL, "\t |\n", &savedptr); } _D("detection_method:%d", info->detection_method); @@ -86,36 +84,40 @@ static void __parse_app_types(loader_info_t *info, char *line) { char *token; char *savedptr; - char refined_tok[LINE_MAX]; - token = strtok_r(line, "|", &savedptr); + token = strtok_r(line, "\t |\n", &savedptr); while (token) { - refined_tok[0] = '\0'; - sscanf(token, "%s", refined_tok); - if (refined_tok[0] != '\0' && - strcasecmp("null", refined_tok) != 0) { - info->app_types = g_list_append(info->app_types, - strdup(refined_tok)); - } - token = strtok_r(NULL, "|", &savedptr); + info->app_types = g_list_append(info->app_types, strdup(token)); + token = strtok_r(NULL, "\t |\n", &savedptr); } } static void __parse_extra(loader_info_t *info, char *line) { - char tok1[LINE_MAX] = { 0, }; - char tok2[LINE_MAX] = { 0, }; - char tok3[LINE_MAX] = { 0, }; + char *tok1 = NULL; + char *tok2 = NULL; + char *tok3 = NULL; if (info->extra == NULL) return; - sscanf(line, "%s %s %s", tok1, tok2, tok3); + sscanf(line, "%ms %ms %ms", &tok1, &tok2, &tok3); + + if (!tok1 || !tok2 || !tok3) + goto end; if (strlen(tok2) == 0 || strlen(tok3) == 0) - return; + goto end; bundle_add_str(info->extra, tok2, tok3); + +end: + if (tok1) + free(tok1); + if (tok2) + free(tok2); + if (tok3) + free(tok3); } static void __add_extra_array_from_list(bundle *b, const char *key, GList *list) @@ -155,8 +157,8 @@ static GList *__parse_file(GList *list, const char *path) { FILE *fp; char buf[LINE_MAX]; - char tok1[LINE_MAX]; - char tok2[LINE_MAX]; + char *tok1 = NULL; + char *tok2 = NULL; loader_info_t *cur_info = NULL; char *key = NULL; GList *extra_array = NULL; @@ -166,11 +168,10 @@ static GList *__parse_file(GList *list, const char *path) return list; while (fgets(buf, sizeof(buf), fp) != NULL) { - tok1[0] = '\0'; - tok2[0] = '\0'; - sscanf(buf, "%s %s", tok1, tok2); - - if (strcasecmp(TAG_LOADER, tok1) == 0) { + FREE_AND_NULL(tok1); + FREE_AND_NULL(tok2); + sscanf(buf, "%ms %ms", &tok1, &tok2); + if (tok1 && strcasecmp(TAG_LOADER, tok1) == 0) { if (cur_info != NULL) { __flush_extra_array(cur_info->extra, key, extra_array); @@ -182,6 +183,8 @@ static GList *__parse_file(GList *list, const char *path) continue; } + if (!tok1 || !tok2) + continue; if (tok1[0] == '\0' || tok2[0] == '\0' || tok1[0] == '#') continue; @@ -217,6 +220,11 @@ static GList *__parse_file(GList *list, const char *path) list = g_list_append(list, cur_info); } + if (tok1) + free(tok1); + if (tok2) + free(tok2); + fclose(fp); return list; -- cgit v1.2.3