Fixed security issues

- Checks buffer size
- Uses memcpy function

Change-Id: I6c4541e4274627cfe21f6e70dd0cfbfaf8414367
Signed-off-by: Hwankyu Jhun <h.jhun@samsung.com>

1 files changed, 6 insertions, 6 deletions

diff --git a/src/bundle.c b/src/bundle.c
index ac0725f..f5e6864 100644
--- a/src/bundle.c
+++ b/src/bundle.c
@@ -581,9 +581,9 @@ bundle *bundle_decode(const bundle_raw *r, const int data_size)
 		type = keyval_get_type_from_encoded_byte(p_r);
 		if (keyval_type_is_array(type)) {
 			bytes_read = keyval_array_decode(p_r,
-					(keyval_array_t **)&kv, byte_size);
+					(keyval_array_t **)&kv, byte_size + 1);
 		} else {
-			bytes_read = keyval_decode(p_r, &kv, byte_size);
+			bytes_read = keyval_decode(p_r, &kv, byte_size + 1);
 		}
 
 		if (kv)
@@ -729,9 +729,9 @@ bundle *bundle_decode_raw(const bundle_raw *r, const int data_size)
 		type = keyval_get_type_from_encoded_byte(p_r);
 		if (keyval_type_is_array(type)) {
 			bytes_read = keyval_array_decode(p_r,
-					(keyval_array_t **)&kv, byte_size);
+					(keyval_array_t **)&kv, byte_size + 1);
 		} else {
-			bytes_read = keyval_decode(p_r, &kv, byte_size);
+			bytes_read = keyval_decode(p_r, &kv, byte_size + 1);
 		}
 
 		if (kv)
@@ -885,11 +885,11 @@ bundle *bundle_import_from_argv(int argc, char **argv)
 
 		type = keyval_get_type_from_encoded_byte(byte);
 		if (keyval_type_is_array(type)) {
-			if (keyval_array_decode(byte, &kva, byte_size) == 0) /* TODO: error! */
+			if (keyval_array_decode(byte, &kva, byte_size + 1) == 0) /* TODO: error! */
 				BUNDLE_EXCEPTION_PRINT("Unable to Decode array\n");
 			kv = (keyval_t *)kva;
 		} else {
-			if (keyval_decode(byte, &kv, byte_size) == 0) /* TODO: error! */
+			if (keyval_decode(byte, &kv, byte_size + 1) == 0) /* TODO: error! */
 				BUNDLE_EXCEPTION_PRINT("Unable to Decode\n");
 		}
 		_bundle_append_kv(b, kv);