author | Jongkyu Koo <jk.koo@samsung.com> | 2017-11-07 10:22:04 +0900 |
---|---|---|
committer | Jongkyu Koo <jk.koo@samsung.com> | 2017-11-07 10:22:04 +0900 |
commit | 53489eb6b10de13ea2014231b208a1c0c1a27a7e (patch) | |
tree | 14368ad9b8fa6ac47d4fd2a9d36ac563b2ce7f29 | |
parent | c34d736217892bdf488f3f6503aad772d7c53e0e (diff) | |
fix buffer overflow
(refs: submit/tizen_3.0/20171107.015413, accepted/tizen/3.0/wearable/20171107.215612, accepted/tizen/3.0/mobile/20171107.215608, accepted/tizen/3.0/common/20171108.094448)
Change-Id: I39e70cfd176d0ee8bb24b880c20cd25caaacc2ce
Signed-off-by: Jongkyu Koo <jk.koo@samsung.com>
-rwxr-xr-x | externals/MsgSpamFilter.cpp | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/externals/MsgSpamFilter.cpp b/externals/MsgSpamFilter.cpp
index c0f543d..eed53d9 100755
--- a/externals/MsgSpamFilter.cpp
+++ b/externals/MsgSpamFilter.cpp
@@ -140,7 +140,7 @@ bool MsgCheckFilter(MsgDbHandler *pDbHandle, MSG_MESSAGE_INFO_S *pMsgInfo)
 int fileSize = 0;
 bool bFiltered = false;
-
+ int tmpLen = 0;
 for (int i = 1; i <= rowCnt; i++) {
 memset(filterValue, 0x00, sizeof(filterValue));
@@ -173,20 +173,25 @@ bool MsgCheckFilter(MsgDbHandler *pDbHandle, MSG_MESSAGE_INFO_S *pMsgInfo)
 pData = new char[pMsgInfo->dataSize+1];
 strncpy(pData, pMsgInfo->msgText, pMsgInfo->dataSize);
- pData[strlen(pMsgInfo->msgText)] = '\0';
+ tmpLen = strlen(pMsgInfo->msgText);
+ if ( tmpLen < pMsgInfo->dataSize)
+ pData[tmpLen] = '\0';
+ else
+ pData[pMsgInfo->dataSize] = '\0';
 }
 }
 } else if (pMsgInfo->msgType.mainType == MSG_MMS_TYPE) {
- if (strlen(pMsgInfo->subject) > 0) {
+ tmpLen = strlen(pMsgInfo->subject);
+ if (tmpLen > 0) {
 if (pData) {
 delete[] pData;
 pData = NULL;
 }
- pData = new char[strlen(pMsgInfo->subject)+1];
+ pData = new char[tmpLen+1];
- strncpy(pData, pMsgInfo->subject, strlen(pMsgInfo->subject));
- pData[strlen(pMsgInfo->subject)] = '\0';
+ strncpy(pData, pMsgInfo->subject, tmpLen);
+ pData[tmpLen] = '\0';
 }
 }
|
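Review bot: In the SMS branch of the second hunk the added `tmpLen = strlen(pMsgInfo->msgText);` is still an unbounded read, so the write index is now clamped but the code still relies on `msgText` being NUL-terminated. Because `strncpy` zero-fills the destination when the source is shorter than `dataSize`, the five added lines can be replaced by the single line `pData[pMsgInfo->dataSize] = '\0';`, which needs no `strlen` at all. That would also avoid narrowing a `size_t` into the new `int tmpLen` (declared in the first hunk) and comparing it with `dataSize`, whose type is not visible here. Whether `dataSize` is validated against the capacity of `msgText` before this point cannot be seen in the hunk; if it is not, `strncpy` can still read past the source array, so a clamp or an early return on an oversized `dataSize` would be worth adding. `MsgCheckFilter` begins and ends outside both hunks.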