From 1a64e75b1770b04b5a04a8d337484e01ba4791f7 Mon Sep 17 00:00:00 2001
From: Kyeonghun Lee <kh9090.lee@samsung.com>
Date: Tue, 18 Apr 2017 14:36:46 +0900
Subject: fix security issues

Change-Id: Ib3a5d23d8c81bc02ce0bfa5b843364a90d1c1ad9
Signed-off-by: Kyeonghun Lee <kh9090.lee@samsung.com>
---
 email-common-use/email-utilities.c         |  2 +-
 email-common-use/include/email-debug-log.h |  7 -------
 email-core/email-core-account.c            |  4 ++--
 email-core/email-core-mail.c               |  8 ++++----
 email-core/email-core-utils.c              |  6 +++---
 email-core/email-storage/email-storage.c   | 16 ++++++++--------
 6 files changed, 18 insertions(+), 25 deletions(-)

diff --git a/email-common-use/email-utilities.c b/email-common-use/email-utilities.c
index f0e6ee4..be688f6 100755
--- a/email-common-use/email-utilities.c
+++ b/email-common-use/email-utilities.c
@@ -416,7 +416,7 @@ INTERNAL_FUNC int em_replace_string_ex(char **input_source_string, char *input_o
 		found_pos = strstr(found_pos, input_old_string);
 	}
 
-	EM_SAFE_STRCAT(result_buffer, cursor_of_source_string);
+	EM_SAFE_STRNCAT(result_buffer, cursor_of_source_string, buffer_length - EM_SAFE_STRLEN(result_buffer) - 1);
 
 	EM_SAFE_FREE(*input_source_string);
 	*input_source_string = result_buffer;
diff --git a/email-common-use/include/email-debug-log.h b/email-common-use/include/email-debug-log.h
index 92c878b..27670f4 100644
--- a/email-common-use/include/email-debug-log.h
+++ b/email-common-use/include/email-debug-log.h
@@ -277,13 +277,6 @@ extern "C"
 		((_src) && (_dest))? strncpy(_dest, _src, _size) : NULL;\
 	})
 
-#define EM_SAFE_STRCAT(dest, src) \
-	({\
-		char* _dest = dest;\
-		char* _src = src;\
-		((_src) && (_dest))? strcat(_dest, _src) : NULL;\
-	})
-
 
 #define EM_SAFE_STRNCAT(dest, src, size) \
 	({\
diff --git a/email-core/email-core-account.c b/email-core/email-core-account.c
index a8fde23..2386f88 100755
--- a/email-core/email-core-account.c
+++ b/email-core/email-core-account.c
@@ -322,8 +322,8 @@ INTERNAL_FUNC int emcore_validate_account_with_account_info(char *multi_user_nam
 				err = EMAIL_ERROR_OUT_OF_MEMORY;
 				goto FINISH_OFF;
 			}
-			EM_SAFE_STRNCAT(*output_server_capability_string,smtp_capability_string , (server_capability_string_length + 1) - EM_SAFE_STRLEN(*output_server_capability_string)- 1);
-			EM_SAFE_STRCAT(*output_server_capability_string, imap_capability_string);
+			EM_SAFE_STRNCAT(*output_server_capability_string, smtp_capability_string, (server_capability_string_length + 1) - EM_SAFE_STRLEN(*output_server_capability_string) - 1);
+			EM_SAFE_STRNCAT(*output_server_capability_string, imap_capability_string, (server_capability_string_length + 1) - EM_SAFE_STRLEN(*output_server_capability_string) - 1);
 			EM_DEBUG_LOG("%s", *output_server_capability_string);
 		}
 	}
diff --git a/email-core/email-core-mail.c b/email-core/email-core-mail.c
index 2b9fb15..5a0ffbc 100755
--- a/email-core/email-core-mail.c
+++ b/email-core/email-core-mail.c
@@ -1300,18 +1300,18 @@ int emcore_get_mail_contact_info_with_update(char *multi_user_name, email_mail_c
 		if (temp_emailaddr && email_address) {
 			if (mail_id == 0) {	/*  if mail_id is 0, return only contact info without saving contact info to DB */
 				/* snprintf(temp_emailaddr, 400, "%s", contact_info->email_address); */
-				EM_SAFE_STRCAT(temp_emailaddr, email_address);
+				EM_SAFE_STRNCAT(temp_emailaddr, email_address, address_length - EM_SAFE_STRLEN(temp_emailaddr) - 1);
 				if (addr->next != NULL)
-					EM_SAFE_STRCAT(temp_emailaddr, ", ");
+					EM_SAFE_STRNCAT(temp_emailaddr, ", ", address_length - EM_SAFE_STRLEN(temp_emailaddr) - 1);
 				EM_DEBUG_LOG_SEC(">>>> TEMP EMail Address [ %s ] ", temp_emailaddr);
 			} else {	/*  save only the first address information - 09-SEP-2010 */
 				if (is_saved == 0) {
 					is_saved = 1;
 					/* snprintf(temp_emailaddr, 400, "%s", contact_info->email_address); */
-					EM_SAFE_STRCAT(temp_emailaddr, email_address);
+					EM_SAFE_STRNCAT(temp_emailaddr, email_address, address_length - EM_SAFE_STRLEN(temp_emailaddr) - 1);
 					/*
 					if (addr->next != NULL)
-						EM_SAFE_STRCAT(temp_emailaddr, ", ");
+						EM_SAFE_STRNCAT(temp_emailaddr, ", ", address_length - EM_SAFE_STRLEN(temp_emailaddr) - 1);
 					*/
 					EM_DEBUG_LOG_SEC(">>>> TEMP EMail Address [ %s ] ", temp_emailaddr);
 				}
diff --git a/email-core/email-core-utils.c b/email-core/email-core-utils.c
index 3013423..02d00b4 100755
--- a/email-core/email-core-utils.c
+++ b/email-core/email-core-utils.c
@@ -3140,7 +3140,7 @@ static void emcore_get_content_string(xmlNode *input_node, char *input_result_bu
 				*input_exit_flag = 1;
 				break;
 			} else {
-				EM_SAFE_STRCAT(input_result_buffer, " ");
+				EM_SAFE_STRNCAT(input_result_buffer, " ", input_result_buffer_length - EM_SAFE_STRLEN(input_result_buffer) - 1);
 				continue;
 			}
 		}
@@ -3160,7 +3160,7 @@ static void emcore_get_content_string(xmlNode *input_node, char *input_result_bu
 					if (remain_str) {
 						char *replaced_string = NULL;
 						replaced_string = reg_replace_new(remain_str, "[ \t\r\n\v\f]+", " ");
-						EM_SAFE_STRCAT(input_result_buffer, replaced_string);
+						EM_SAFE_STRNCAT(input_result_buffer, replaced_string, input_result_buffer_length - EM_SAFE_STRLEN(input_result_buffer) - 1);
 						EM_SAFE_FREE(replaced_string);
 						free(remain_str);
 					}
@@ -3174,7 +3174,7 @@ static void emcore_get_content_string(xmlNode *input_node, char *input_result_bu
 			if (temp_content_string) {
 				char *replaced_string = NULL;
 				replaced_string = reg_replace_new(temp_content_string, "[ \t\r\n\v\f]+", " ");
-				EM_SAFE_STRCAT(input_result_buffer, replaced_string);
+				EM_SAFE_STRNCAT(input_result_buffer, replaced_string, input_result_buffer_length - EM_SAFE_STRLEN(input_result_buffer) - 1);
 				EM_SAFE_FREE(replaced_string);
 				free(temp_content_string);
 			}
diff --git a/email-core/email-storage/email-storage.c b/email-core/email-storage/email-storage.c
index 0de3a0b..d29f960 100755
--- a/email-core/email-storage/email-storage.c
+++ b/email-core/email-storage/email-storage.c
@@ -2698,7 +2698,7 @@ INTERNAL_FUNC int emstorage_query_mail_count(char *multi_user_name, const char *
 	EMSTORAGE_START_READ_TRANSACTION(input_transaction);
 
 	SNPRINTF(sql_query_string, query_size, "SELECT COUNT(*) FROM mail_tbl");
-	EM_SAFE_STRCAT(sql_query_string, (char*)input_conditional_clause);
+	EM_SAFE_STRNCAT(sql_query_string, (char*)input_conditional_clause, query_size - EM_SAFE_STRLEN(sql_query_string) - 1);
 
 	if (output_total_mail_count) {
 		EMSTORAGE_PROTECTED_FUNC_CALL(sqlite3_prepare_v2(local_db_handle, sql_query_string, EM_SAFE_STRLEN(sql_query_string), &hStmt, NULL), rc);
@@ -2712,7 +2712,7 @@ INTERNAL_FUNC int emstorage_query_mail_count(char *multi_user_name, const char *
 	}
 
 	if (output_unseen_mail_count) {
-		EM_SAFE_STRCAT(sql_query_string, " AND flags_seen_field = 0 ");
+		EM_SAFE_STRNCAT(sql_query_string, " AND flags_seen_field = 0 ", query_size - EM_SAFE_STRLEN(sql_query_string) - 1);
 
 		EMSTORAGE_PROTECTED_FUNC_CALL(sqlite3_get_table(local_db_handle, sql_query_string, &result, NULL, NULL, NULL), rc);
 		EM_DEBUG_DB_EXEC(SQLITE_OK != rc, {error = EMAIL_ERROR_DB_FAILURE; sqlite3_free_table(result); goto FINISH_OFF; },
@@ -2772,7 +2772,7 @@ INTERNAL_FUNC int emstorage_query_mail_id_list(char *multi_user_name, const char
 
 	/* Composing query */
 	SNPRINTF_OFFSET(sql_query_string, cur_query, query_size, "SELECT mail_id FROM mail_tbl ");
-	EM_SAFE_STRCAT(sql_query_string, (char*)input_conditional_clause);
+	EM_SAFE_STRNCAT(sql_query_string, (char*)input_conditional_clause, query_size - EM_SAFE_STRLEN(sql_query_string) - 1);
 
 	EM_DEBUG_LOG_SEC("query[%s].", sql_query_string);
 
@@ -12951,7 +12951,7 @@ INTERNAL_FUNC int emstorage_get_thread_id_of_thread_mails(char *multi_user_name,
 	sqlite3_snprintf(query_size, sql_query_string, sql_format, stripped_subject, mail_tbl->mailbox_id);
 
 	if (account_id > 0)
-		strcat(sql_query_string, sql_account);
+		EM_SAFE_STRNCAT(sql_query_string, sql_account, query_size - EM_SAFE_STRLEN(sql_query_string) - 1);
 
 	strcat(sql_query_string, sql_format_order_by);
 	strcat(sql_query_string, ";");
@@ -16320,19 +16320,19 @@ static int _make_order_rule_string(char *multi_user_name, email_list_sorting_rul
 
 	switch (input_sorting_rule->sort_order) {
 		case EMAIL_SORT_ORDER_ASCEND:
-			EM_SAFE_STRCAT(result_rule_string, " ASC ");
+			EM_SAFE_STRNCAT(result_rule_string, " ASC ", QUERY_SIZE - EM_SAFE_STRLEN(result_rule_string) - 1);
 			break;
 
 		case EMAIL_SORT_ORDER_DESCEND:
-			EM_SAFE_STRCAT(result_rule_string, " DESC ");
+			EM_SAFE_STRNCAT(result_rule_string, " DESC ", QUERY_SIZE - EM_SAFE_STRLEN(result_rule_string) - 1);
 			break;
 
 		case EMAIL_SORT_ORDER_NOCASE_ASCEND:
-			EM_SAFE_STRCAT(result_rule_string, " COLLATE NOCASE ASC ");
+			EM_SAFE_STRNCAT(result_rule_string, " COLLATE NOCASE ASC ", QUERY_SIZE - EM_SAFE_STRLEN(result_rule_string) - 1);
 			break;
 
 		case EMAIL_SORT_ORDER_NOCASE_DESCEND:
-			EM_SAFE_STRCAT(result_rule_string, " COLLATE NOCASE DESC ");
+			EM_SAFE_STRNCAT(result_rule_string, " COLLATE NOCASE DESC ", QUERY_SIZE - EM_SAFE_STRLEN(result_rule_string) - 1);
 			break;
 
 		case EMAIL_SORT_ORDER_TO_CCBCC:
-- 
cgit v1.2.3