summaryrefslogtreecommitdiff
path: root/src/ipc/media-thumb-ipc.c
diff options
context:
space:
mode:
authorJiyong Min <jiyong.min@samsung.com>2017-11-02 10:41:53 +0900
committerJiyong Min <jiyong.min@samsung.com>2017-11-02 10:43:19 +0900
commitcdbc0eea9eb7c71707cd3863ea9a29e00b781488 (patch)
treef1603a5fe85ef929c128bcc1d76fa4682b202f45 /src/ipc/media-thumb-ipc.c
parent945b9dea738e3eaf25579c57fc807870f33c5f51 (diff)
downloadlibmedia-thumbnail-cfaf7dc5d3cec500fead2d370a6158b2563a1df4.tar.gz
libmedia-thumbnail-cfaf7dc5d3cec500fead2d370a6158b2563a1df4.tar.bz2
libmedia-thumbnail-cfaf7dc5d3cec500fead2d370a6158b2563a1df4.zip
- Fix security issues : SATIZENVUL-915, SATIZENVUL-926, SATIZENVUL-956 Change-Id: I1266213f645c33374ddedde27e918da0f2d54f65 Signed-off-by: Jiyong Min <jiyong.min@samsung.com>
Diffstat (limited to 'src/ipc/media-thumb-ipc.c')
-rwxr-xr-xsrc/ipc/media-thumb-ipc.c23
1 files changed, 7 insertions, 16 deletions
diff --git a/src/ipc/media-thumb-ipc.c b/src/ipc/media-thumb-ipc.c
index 29ce6b1..1edde11 100755
--- a/src/ipc/media-thumb-ipc.c
+++ b/src/ipc/media-thumb-ipc.c
@@ -560,7 +560,7 @@ _media_thumb_request(int msg_type, const char *origin_path, char *thumb_path, in
memset(&serv_addr, 0, sizeof(serv_addr));
sock = sock_info.sock_fd;
serv_addr.sun_family = AF_UNIX;
- strncpy(serv_addr.sun_path, THUMB_IPC_PATH, strlen(THUMB_IPC_PATH));
+ SAFE_STRLCPY(serv_addr.sun_path, THUMB_IPC_PATH, sizeof(serv_addr.sun_path));
/* Connecting to the thumbnail server */
if (connect(sock, (struct sockaddr*)&serv_addr, sizeof(serv_addr)) < 0) {
@@ -582,14 +582,7 @@ _media_thumb_request(int msg_type, const char *origin_path, char *thumb_path, in
/* Set requset message */
req_msg.msg_type = msg_type;
req_msg.uid = uid;
- strncpy(req_msg.org_path, origin_path, sizeof(req_msg.org_path));
- req_msg.org_path[strlen(req_msg.org_path)] = '\0';
-
- if (msg_type == THUMB_REQUEST_SAVE_FILE) {
- strncpy(req_msg.dst_path, thumb_path, sizeof(req_msg.dst_path));
- req_msg.dst_path[strlen(req_msg.dst_path)] = '\0';
- }
-
+ SAFE_STRLCPY(req_msg.org_path, origin_path, sizeof(req_msg.org_path));
req_msg.origin_path_size = strlen(req_msg.org_path) + 1;
req_msg.dest_path_size = strlen(req_msg.dst_path) + 1;
req_msg.thumb_size = 0;
@@ -642,7 +635,7 @@ _media_thumb_request(int msg_type, const char *origin_path, char *thumb_path, in
}
if (msg_type != THUMB_REQUEST_SAVE_FILE) {
- strncpy(thumb_path, recv_msg.dst_path, max_length);
+ SAFE_STRLCPY(thumb_path, recv_msg.dst_path, max_length);
}
thumb_info->origin_width = recv_msg.origin_width;
@@ -782,7 +775,7 @@ int _media_thumb_send_request()
memset(&serv_addr, 0, sizeof(serv_addr));
sock = sock_info.sock_fd;
serv_addr.sun_family = AF_UNIX;
- strncpy(serv_addr.sun_path, THUMB_IPC_PATH, strlen(THUMB_IPC_PATH));
+ SAFE_STRLCPY(serv_addr.sun_path, THUMB_IPC_PATH, sizeof(serv_addr.sun_path));
GIOChannel *channel = NULL;
channel = g_io_channel_unix_new(sock);
@@ -827,8 +820,7 @@ int _media_thumb_send_request()
req_msg.msg_type = req_manager->msg_type;
req_msg.request_id = 0;
req_msg.uid = req_manager->uid;
- strncpy(req_msg.org_path, req_manager->path, sizeof(req_msg.org_path));
- req_msg.org_path[strlen(req_msg.org_path)] = '\0';
+ SAFE_STRLCPY(req_msg.org_path, req_manager->path, sizeof(req_msg.org_path));
req_msg.dst_path[0] = '\0';
req_msg.origin_path_size = strlen(req_msg.org_path) + 1;
req_msg.dest_path_size = 1;
@@ -902,7 +894,7 @@ int _media_thumb_raw_data_send_request()
memset(&serv_addr, 0, sizeof(serv_addr));
sock = sock_info.sock_fd;
serv_addr.sun_family = AF_UNIX;
- strncpy(serv_addr.sun_path, THUMB_IPC_PATH, strlen(THUMB_IPC_PATH));
+ SAFE_STRLCPY(serv_addr.sun_path, THUMB_IPC_PATH, sizeof(serv_addr.sun_path));
GIOChannel *channel = NULL;
channel = g_io_channel_unix_new(sock);
@@ -948,8 +940,7 @@ int _media_thumb_raw_data_send_request()
req_msg.thumb_height = req_manager->height;
req_msg.uid = req_manager->uid;
- strncpy(req_msg.org_path, req_manager->path, sizeof(req_msg.org_path));
- req_msg.org_path[strlen(req_msg.org_path)] = '\0';
+ SAFE_STRLCPY(req_msg.org_path, req_manager->path, sizeof(req_msg.org_path));
req_msg.dst_path[0] = '\0';
req_msg.origin_path_size = strlen(req_msg.org_path) + 1;