diff options
-rwxr-xr-x | server/thumb-server-internal.c | 2 | ||||
-rwxr-xr-x | src/ipc/media-thumb-ipc.c | 14 |
2 files changed, 14 insertions, 2 deletions
diff --git a/server/thumb-server-internal.c b/server/thumb-server-internal.c index 9116c05..4217b2e 100755 --- a/server/thumb-server-internal.c +++ b/server/thumb-server-internal.c @@ -117,7 +117,7 @@ gboolean _thumb_server_read_socket(GIOChannel *src, GIOCondition condition, gpoi SAFE_FREE(credentials.smack); SAFE_FREE(credentials.uid); - thumb_warn_slog("Received [%d] %s(%d) from PID(%d)", recv_msg.msg_type, recv_msg.org_path, strlen(recv_msg.org_path), recv_msg.pid); + thumb_warn_slog("Received [%d] %.*s(%d) from PID(%d)", recv_msg.msg_type, MAX_FILEPATH_LEN, recv_msg.org_path, strlen(recv_msg.org_path), recv_msg.pid); if (recv_msg.msg_type != THUMB_REQUEST_KILL_SERVER) _thumb_daemon_process_job(&recv_msg, &res_msg); diff --git a/src/ipc/media-thumb-ipc.c b/src/ipc/media-thumb-ipc.c index 4fb6cd8..9f652a2 100755 --- a/src/ipc/media-thumb-ipc.c +++ b/src/ipc/media-thumb-ipc.c @@ -270,7 +270,19 @@ int _media_thumb_recv_msg(int sock, int header_size, thumbMsg *msg) } memcpy(msg, buf, header_size); - //thumb_dbg("thumb_size : %d", msg->thumb_size); + + if (strlen(msg->org_path) == 0 || strlen(msg->org_path) >= MAX_FILEPATH_LEN) { + thumb_err("org_path size is invalid %d", strlen(msg->org_path)); + + return MS_MEDIA_ERR_SOCKET_RECEIVE; + } + + /* it can be empty string */ + if (strlen(msg->dst_path) >= MAX_FILEPATH_LEN) { + thumb_err("dst_path size is invalid %d", strlen(msg->dst_path)); + + return MS_MEDIA_ERR_SOCKET_RECEIVE; + } SAFE_FREE(buf); if (msg->thumb_size < 0) { |