Merge "fix security svace: strcpy" into tizentizen_4.0.m1_releasesubmit/tizen/20170510.012058accepted/tizen/unified/20170510.183103

2 files changed, 3 insertions, 3 deletions

diff --git a/email-core/email-core-mm-callbacks.c b/email-core/email-core-mm-callbacks.c
index eef6494..8d9208b 100755
--- a/email-core/email-core-mm-callbacks.c
+++ b/email-core/email-core-mm-callbacks.c
@@ -258,8 +258,8 @@ INTERNAL_FUNC void mm_login(NETMBX *mb, char *user, char *pwd, long trial)
 	}
 
 	if (EM_SAFE_STRLEN(username) > 0 && EM_SAFE_STRLEN(password) > 0) {
-		strcpy(user, username);
-		strcpy(pwd, password);
+		EM_SAFE_STRNCPY(user, username, NETMAXUSER- EM_SAFE_STRLEN(user) -1);
+		EM_SAFE_STRNCPY(pwd, password, MAILTMPLEN - EM_SAFE_STRLEN(pwd) -1);
 	} else
 		EM_DEBUG_EXCEPTION("User Information is NULL || EM_SAFE_STRLEN is 0 ");
 
diff --git a/email-core/email-core-utils.c b/email-core/email-core-utils.c
index 02d00b4..01b57a0 100755
--- a/email-core/email-core-utils.c
+++ b/email-core/email-core-utils.c
@@ -3246,7 +3246,7 @@ int emcore_strip_HTML_tag(const char *input_html_file_path, char *input_encoding
 
 	emcore_get_content_string(root_element, result_string, input_result_buffer_legnth, &exit_flag);
 	char *replaced_string = reg_replace_new(result_string, "[ \t\r\n\v\f]+", " ");
-	EM_SAFE_STRCPY(output_result_buffer, replaced_string);
+	EM_SAFE_STRNCPY(output_result_buffer, replaced_string, input_result_buffer_legnth - EM_SAFE_STRLEN(output_result_buffer) -1);
 	EM_SAFE_FREE(replaced_string);
 	em_trim_left(output_result_buffer);