diff options
| author | Kyungwook Tak <k.tak@samsung.com> | 2017-02-09 16:38:43 +0900 |
|---|---|---|
| committer | sangwan.kwon <sangwan.kwon@samsung.com> | 2017-04-05 15:38:29 +0900 |
| commit | 99cebf960a4f71ba7e01c5761a3f4c05d90a5036 (patch) | |
| tree | 13477d848e61b57e122d8dc0bd57cc7f6577ab65 | |
| parent | ae6388344694f5e068172e6f8c1d48b0cf4bfb05 (diff) | |
| download | drm-service-core-tizen-99cebf960a4f71ba7e01c5761a3f4c05d90a5036.tar.gz drm-service-core-tizen-99cebf960a4f71ba7e01c5761a3f4c05d90a5036.tar.bz2 drm-service-core-tizen-99cebf960a4f71ba7e01c5761a3f4c05d90a5036.zip | |
Fix svace defects
Change-Id: Ib8740613250c789ce43d95c083e0f9a03a9ca97c
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
(cherry picked from commit 265e328cf364a7eaf7d6f845c8fcdd52831b506d)
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
| -rw-r--r-- | tadcore/DrmFileHandleMgr/DrmFileHandler.cpp | 4 | ||||
| -rw-r--r-- | tadcore/Svc/DrmTdcSvc.cpp | 25 | ||||
| -rw-r--r-- | tadcore/XMLParser/CXMLFile.cpp | 6 | ||||
| -rw-r--r-- | tadcore/include/DrmFileHandler.h | 38 |
4 files changed, 52 insertions, 21 deletions
diff --git a/tadcore/DrmFileHandleMgr/DrmFileHandler.cpp b/tadcore/DrmFileHandleMgr/DrmFileHandler.cpp index 63e2e2d..879f80a 100644 --- a/tadcore/DrmFileHandleMgr/DrmFileHandler.cpp +++ b/tadcore/DrmFileHandleMgr/DrmFileHandler.cpp @@ -148,6 +148,10 @@ int DrmFileHandler::Construct(const char *szDrmFilePath) fseek(m_pFP, 0, SEEK_END); m_OriginEndOffset = ftell(m_pFP); + if (m_OriginEndOffset < m_PlaintextStartOffset) { + DRM_TAPPS_EXCEPTION("Invalid file offset... offset is bigger than file size"); + return TADC_FILE_OPEN_ERROR; + } m_plaintextSize = m_OriginEndOffset - m_PlaintextStartOffset; diff --git a/tadcore/Svc/DrmTdcSvc.cpp b/tadcore/Svc/DrmTdcSvc.cpp index f1e7bee..e95779e 100644 --- a/tadcore/Svc/DrmTdcSvc.cpp +++ b/tadcore/Svc/DrmTdcSvc.cpp @@ -182,11 +182,22 @@ bool DrmTdcDecryptPackage(const char *pTADCFilepath, const char *pLicenseBuf, } fseek(hFile1, 0, SEEK_END); - auto size1 = ftell(hFile1); + auto size1 = static_cast<long long>(ftell(hFile1)); auto offset = t_FileHeader.Offset1 + 35 + t_DRMHeader.XmlSize; fseek(hFile1, offset, SEEK_SET); + if (size1 < offset) { + DRM_TAPPS_EXCEPTION("Invalid offset... offset is bigger than file size"); + fclose(hFile1); + fclose(hFile2); + TADC_MEMFree_FileHeader(&t_FileHeader); + TADC_MEMFree_DRMHeader(&t_DRMHeader); + TADC_MEMFree_RO(&t_RO); + TADC_IF_Free(pReadBuf); + return FALSE; + } + auto size2 = size1 - offset; //plain file size auto BlockCnt = (size2 / 512) + ((size2 % 512) ? 1 : 0); @@ -309,11 +320,21 @@ bool DrmTdcDecryptPackage2(const char *pTADCFilepath, T_RO t_RO, } fseek(hFile1, 0, SEEK_END); - auto size1 = ftell(hFile1); + auto size1 = static_cast<long long>(ftell(hFile1)); auto offset = t_FileHeader.Offset1 + 35 + t_DRMHeader.XmlSize; fseek(hFile1, offset, SEEK_SET); + if (size1 < offset) { + DRM_TAPPS_EXCEPTION("Invalid offset... offset is bigger than file size"); + fclose(hFile1); + fclose(hFile2); + TADC_MEMFree_FileHeader(&t_FileHeader); + TADC_MEMFree_DRMHeader(&t_DRMHeader); + TADC_IF_Free(pReadBuf); + return FALSE; + } + auto size2 = size1 - offset; //plain file size auto BlockCnt = (size2 / 512) + ((size2 % 512) ? 1 : 0); diff --git a/tadcore/XMLParser/CXMLFile.cpp b/tadcore/XMLParser/CXMLFile.cpp index 4a1d485..d1433a2 100644 --- a/tadcore/XMLParser/CXMLFile.cpp +++ b/tadcore/XMLParser/CXMLFile.cpp @@ -14,6 +14,8 @@ * limitations under the License. */ +#include <climits> + #include "CXMLFile.h" #include "TADC_IF.h" #include "TADC_ErrorCode.h" @@ -101,6 +103,10 @@ int CXMLFile::LoadFromFile(LPCTSTR pszFileName) dwFileSize = ftell(hFile); fseek(hFile, 0, SEEK_SET); + if (dwFileSize > LONG_MAX - 256) { + nResult = -1; + goto finish; + } pbBuffer = new BYTE[dwFileSize + 1]; IF_TRUE_GOTO(pbBuffer == NULL, TADC_MEMAlOC_ERROR); diff --git a/tadcore/include/DrmFileHandler.h b/tadcore/include/DrmFileHandler.h index 1055f11..49a216a 100644 --- a/tadcore/include/DrmFileHandler.h +++ b/tadcore/include/DrmFileHandler.h @@ -36,25 +36,25 @@ private: int DrmDecryptBlocks(void); long long GetCurBlockIndex(void); - unsigned char *m_pFilePath; - unsigned char *m_pCID; - unsigned char *m_pCEK; - unsigned char *m_pDecBuf; - - int m_PlaintextStartOffset; - FILE *m_pFP; - - long m_encryptionLevel; - long long m_encryptionRange; - long long m_plaintextSize; - long long m_OriginEndOffset; - long long m_OriginCurOffset; - long long m_DrmCurOffset; - long long m_DrmEndOffset; - long long m_blockCnt; - long long m_curBlockIndex; - long long m_decReadlen; - long long m_extraReadlen; + unsigned char *m_pFilePath = nullptr; + unsigned char *m_pCID = nullptr; + unsigned char *m_pCEK = nullptr; + unsigned char *m_pDecBuf = nullptr; + + int m_PlaintextStartOffset = 0; + FILE *m_pFP = nullptr; + + long m_encryptionLevel = 0; + long long m_encryptionRange = 0; + long long m_plaintextSize = 0; + long long m_OriginEndOffset = 0; + long long m_OriginCurOffset = 0; + long long m_DrmCurOffset = 0; + long long m_DrmEndOffset = 0; + long long m_blockCnt = 0; + long long m_curBlockIndex = 0; + long long m_decReadlen = 0; + long long m_extraReadlen = 0; }; #endif //__DRMFILEHANDLER_H_ |