author | Yu <jiung.yu@samsung.com> | 2020-05-15 16:01:39 +0900 |
---|---|---|
committer | Yu <jiung.yu@samsung.com> | 2020-05-18 09:18:54 +0900 |
commit | 0222b49f2e78f917561ec609f1d8d42a79044c41 (patch) | |
tree | 30272c8930134702e5f7974c7a21933934269651 | |
parent | de49fa1b1c33a9b977db5aa12eab7267e7e70e38 (diff) | |
Add logic to detect buffer overflow for snprintf
Change-Id: I60f835aeed101ef61a2bbb73bf2fc8c2c7327d50
Signed-off-by: Yu jiung <jiung.yu@samsung.com>
-rwxr-xr-x | gdbus/watch.c | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/gdbus/watch.c b/gdbus/watch.c
index 447e4867..c51e60df 100755
--- a/gdbus/watch.c
+++ b/gdbus/watch.c
@@ -136,6 +136,51 @@ static struct filter_data *filter_data_find(DBusConnection *connection)
 return NULL;
 }
 
+#if defined TIZEN_EXT
+#define SENDER_PREFIX ",sender='%s'"
+#define PATH_PREFIX ",path='%s'"
+#define IFACE_PREFIX ",interface='%s'"
+#define MEMBER_PREFIX ",member='%s'"
+#define ARG0_PREFIX ",arg0='%s'"
+
+static gboolean check_rule_length(int remains, const char *prefix, const char *data)
+{
+ if (!prefix || !data)
+ return FALSE;
+
+ return strlen(prefix) - 4 + strlen(data) < remains;
+}
+
+static void format_rule(struct filter_data *data, char *rule, size_t size)
+{
+ const char *sender;
+ int offset;
+
+ offset = snprintf(rule, size, "type='signal'");
+ sender = data->name ? : data->owner;
+
+ if (sender &&
+ check_rule_length(size - offset, SENDER_PREFIX, sender))
+ offset += snprintf(rule + offset, size - offset,
+ SENDER_PREFIX, sender);
+ if (data->path &&
+ check_rule_length(size - offset, PATH_PREFIX, data->path))
+ offset += snprintf(rule + offset, size - offset,
+ PATH_PREFIX, data->path);
+ if (data->interface &&
+ check_rule_length(size - offset, IFACE_PREFIX, data->interface))
+ offset += snprintf(rule + offset, size - offset,
+ IFACE_PREFIX, data->interface);
+ if (data->member &&
+ check_rule_length(size - offset, MEMBER_PREFIX, data->member))
+ offset += snprintf(rule + offset, size - offset,
+ MEMBER_PREFIX, data->member);
+ if (data->argument &&
+ check_rule_length(size - offset, ARG0_PREFIX, data->argument))
+ snprintf(rule + offset, size - offset,
+ ARG0_PREFIX, data->argument);
+}
+#else
 static void format_rule(struct filter_data *data, char *rule, size_t size)
 {
 const char *sender;
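Review bot: In check_rule_length the estimate `strlen(prefix) - 4 + strlen(data)` is two bytes short, because the only conversion in each *_PREFIX macro is the two-character `%s`; a clause that is one or two bytes too long therefore passes the check, snprintf truncates it but still returns the untruncated length, and `offset` can end up past `size`. From there `size - offset` wraps as size_t, and because `remains` is an int compared against a size_t expression the next check can pass and the following snprintf is handed a bogus bound. I would make the parameter unsigned and correct the constant: `static gboolean check_rule_length(size_t remains, const char *prefix, const char *data)` with `return strlen(prefix) - 2 + strlen(data) < remains;`. The first `snprintf(rule, size, "type='signal'")` is also unchecked, so the same wrap applies if a caller ever passes a buffer shorter than that literal (the callers are outside this hunk). Separately, a clause that does not fit is skipped silently while later clauses are still appended, so an over-long sender yields a rule without `sender=` that matches more than intended; format_rule returns void, so this probably needs at least a log line or a failure path in the caller.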
@@ -160,6 +205,7 @@ static void format_rule(struct filter_data *data, char *rule, size_t size)
 snprintf(rule + offset, size - offset,
 ",arg0='%s'", data->argument);
 }
+#endif
 
 static gboolean add_match(struct filter_data *data,
 DBusHandleMessageFunction filter) |