fix buffer overflowsubmit/tizen_3.0/20171107.015413accepted/tizen/3.0/wearable/20171107.215612accepted/tizen/3.0/mobile/20171107.215608accepted/tizen/3.0/common/20171108.094448

Change-Id: I39e70cfd176d0ee8bb24b880c20cd25caaacc2ce
Signed-off-by: Jongkyu Koo <jk.koo@samsung.com>

1 files changed, 11 insertions, 6 deletions

diff --git a/externals/MsgSpamFilter.cpp b/externals/MsgSpamFilter.cpp
index c0f543d..eed53d9 100755
--- a/externals/MsgSpamFilter.cpp
+++ b/externals/MsgSpamFilter.cpp
@@ -140,7 +140,7 @@ bool MsgCheckFilter(MsgDbHandler *pDbHandle, MSG_MESSAGE_INFO_S *pMsgInfo)
 
 	int fileSize = 0;
 	bool bFiltered = false;
-
+	int tmpLen = 0;
 	for (int i = 1; i <= rowCnt; i++) {
 		memset(filterValue, 0x00, sizeof(filterValue));
 
@@ -173,20 +173,25 @@ bool MsgCheckFilter(MsgDbHandler *pDbHandle, MSG_MESSAGE_INFO_S *pMsgInfo)
 					pData = new char[pMsgInfo->dataSize+1];
 
 					strncpy(pData, pMsgInfo->msgText, pMsgInfo->dataSize);
-					pData[strlen(pMsgInfo->msgText)] = '\0';
+					tmpLen = strlen(pMsgInfo->msgText);
+					if ( tmpLen < pMsgInfo->dataSize)
+						pData[tmpLen] = '\0';
+					else
+						pData[pMsgInfo->dataSize] = '\0';
 				}
 			}
 		} else if (pMsgInfo->msgType.mainType == MSG_MMS_TYPE) {
-			if (strlen(pMsgInfo->subject) > 0) {
+			tmpLen = strlen(pMsgInfo->subject);
+			if (tmpLen > 0) {
 				if (pData) {
 					delete[] pData;
 					pData = NULL;
 				}
 
-				pData = new char[strlen(pMsgInfo->subject)+1];
+				pData = new char[tmpLen+1];
 
-				strncpy(pData, pMsgInfo->subject, strlen(pMsgInfo->subject));
-				pData[strlen(pMsgInfo->subject)] = '\0';
+				strncpy(pData, pMsgInfo->subject, tmpLen);
+				pData[tmpLen] = '\0';
 			}
 		}