authorYu <jiung.yu@samsung.com>2020-05-15 16:01:39 +0900
committerYu <jiung.yu@samsung.com>2020-05-18 09:18:54 +0900
commit0222b49f2e78f917561ec609f1d8d42a79044c41 (patch)
tree30272c8930134702e5f7974c7a21933934269651
parentde49fa1b1c33a9b977db5aa12eab7267e7e70e38 (diff)
Add logic to detect buffer overflow for snprintf
Change-Id: I60f835aeed101ef61a2bbb73bf2fc8c2c7327d50 Signed-off-by: Yu jiung <jiung.yu@samsung.com>
-rwxr-xr-xgdbus/watch.c46
1 files changed, 46 insertions, 0 deletions
diff --git a/gdbus/watch.c b/gdbus/watch.c
index 447e4867..c51e60df 100755
--- a/gdbus/watch.c
+++ b/gdbus/watch.c
@@ -136,6 +136,51 @@ static struct filter_data *filter_data_find(DBusConnection *connection)
return NULL;
}
+#if defined TIZEN_EXT
+#define SENDER_PREFIX ",sender='%s'"
+#define PATH_PREFIX ",path='%s'"
+#define IFACE_PREFIX ",interface='%s'"
+#define MEMBER_PREFIX ",member='%s'"
+#define ARG0_PREFIX ",arg0='%s'"
+
+static gboolean check_rule_length(int remains, const char *prefix, const char *data)
+{
+ if (!prefix || !data)
+ return FALSE;
+
+ return strlen(prefix) - 4 + strlen(data) < remains;
+}
+
+static void format_rule(struct filter_data *data, char *rule, size_t size)
+{
+ const char *sender;
+ int offset;
+
+ offset = snprintf(rule, size, "type='signal'");
+ sender = data->name ? : data->owner;
+
+ if (sender &&
+ check_rule_length(size - offset, SENDER_PREFIX, sender))
+ offset += snprintf(rule + offset, size - offset,
+ SENDER_PREFIX, sender);
+ if (data->path &&
+ check_rule_length(size - offset, PATH_PREFIX, data->path))
+ offset += snprintf(rule + offset, size - offset,
+ PATH_PREFIX, data->path);
+ if (data->interface &&
+ check_rule_length(size - offset, IFACE_PREFIX, data->interface))
+ offset += snprintf(rule + offset, size - offset,
+ IFACE_PREFIX, data->interface);
+ if (data->member &&
+ check_rule_length(size - offset, MEMBER_PREFIX, data->member))
+ offset += snprintf(rule + offset, size - offset,
+ MEMBER_PREFIX, data->member);
+ if (data->argument &&
+ check_rule_length(size - offset, ARG0_PREFIX, data->argument))
+ snprintf(rule + offset, size - offset,
+ ARG0_PREFIX, data->argument);
+}
+#else
static void format_rule(struct filter_data *data, char *rule, size_t size)
{
const char *sender;
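Review bot: The bound in `check_rule_length` subtracts 4, but each prefix holds a single two-character `%s`, so the formatted length is `strlen(prefix) - 2 + strlen(data)` and the check accepts clauses up to one byte longer than the remaining space. In that case `snprintf` truncates yet still returns the untruncated length, `offset` can exceed `size`, and `size - offset` (a `size_t`) wraps, so the later `snprintf(rule + offset, size - offset, ...)` calls are no longer bounded. I would declare `remains` as `size_t` and use `return strlen(prefix) - 2 + strlen(data) < remains;`, and guard the first `snprintf` result with `if (offset < 0 || (size_t)offset >= size) return;`. Separately, a clause that does not fit is dropped silently, which leaves a broader match rule than the caller asked for; since `format_rule` returns void, a log line at that point would at least make the omission visible.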
@@ -160,6 +205,7 @@ static void format_rule(struct filter_data *data, char *rule, size_t size)
snprintf(rule + offset, size - offset,
",arg0='%s'", data->argument);
}
+#endif
static gboolean add_match(struct filter_data *data,
DBusHandleMessageFunction filter)