authorsamanway <samanway@linux-samanway.sa.corp.samsungelectronics.net>2020-02-04 16:37:38 +0530
committerDoHyun Pyun <dh79.pyun@samsung.com>2020-02-19 09:11:35 +0900
commita6440c933cb324e2fde96d281296dbeb4fe3199e (patch)
treef3a29b67ba4937553ca9b270f0ef192db031d321
parent6410f7a2a9d95eda15c643c248e1af0970da4bf5 (diff)
- In caremotehandler.c, function CACloneInfo was copying the token into a buffer in a vulnerable way - Fixed it by appending NULL in destination string https://github.sec.samsung.net/RS7-IOTIVITY/IoTivity/pull/662 (cherry-picked from f8af2d6ca117bdf270c97c5c28f86bb0169659e5) Change-Id: I84dfff77ecbf3a333913ce341060d7e30444ac62 Signed-off-by: samanway <samanway-dey@samsung.com> Signed-off-by: DoHyun Pyun <dh79.pyun@samsung.com>
-rw-r--r--resource/csdk/connectivity/common/src/caremotehandler.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/resource/csdk/connectivity/common/src/caremotehandler.c b/resource/csdk/connectivity/common/src/caremotehandler.c
index 1e5b7e9b1..638c04f84 100644
--- a/resource/csdk/connectivity/common/src/caremotehandler.c
+++ b/resource/csdk/connectivity/common/src/caremotehandler.c
@@ -261,7 +261,7 @@ CAResult_t CACloneInfo(const CAInfo_t *info, CAInfo_t *clone)
// allocate token field
uint8_t len = info->tokenLength;
- char *temp = (char *) OICMalloc(len * sizeof(char));
+ char *temp = (char *) OICCalloc(1, (len + 1) * sizeof(char));
if (!temp)
{
OIC_LOG(ERROR, TAG, "CACloneInfo Out of memory");
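Review bot: The extra byte on the new `OICCalloc` line works as a terminator only because calloc zero-fills, and nothing in the code says so, which makes it easy for a later cleanup to revert to an exact-size allocation. I would extend the existing comment to something like `// allocate token field; the extra zeroed byte keeps the copy NUL-terminated for readers that treat it as a C string`. The copy into `temp` and the assignment of the clone's length are outside this hunk, so it is worth confirming that exactly `len` bytes are copied and that `clone->tokenLength` stays `len`, not `len + 1`. The token is carried with an explicit length, so any reader that depends on the terminator rather than `tokenLength` would presumably still mishandle a token containing a zero byte; those call sites deserve an audit. As a style point, `OICCalloc(len + 1, sizeof(char))` without the cast states the same allocation more idiomatically.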