author | samanway <samanway@linux-samanway.sa.corp.samsungelectronics.net> | 2020-02-04 16:37:38 +0530 |
---|---|---|
committer | DoHyun Pyun <dh79.pyun@samsung.com> | 2020-02-19 09:15:04 +0900 |
commit | 6692961c25d77dc0846b17bd4b7fd5b513de0599 (patch) | |
tree | 17063e67c67838d073254aa1e2d7b9731cc7f809 | |
parent | 38c89116ed81b44e062b6acbb84094862a95ba85 (diff) | |
[CONPRO-1561] Crash in memcpy
submit/tizen/20200219.001638
- In caremotehandler.c, function CACloneInfo was copying token into buffer in a vulnerable way
- Fixed it by appending NULL in destination string
https://github.sec.samsung.net/RS7-IOTIVITY/IoTivity/pull/662
(cherry-picked from f8af2d6ca117bdf270c97c5c28f86bb0169659e5)
Change-Id: I84dfff77ecbf3a333913ce341060d7e30444ac62
Signed-off-by: samanway <samanway-dey@samsung.com>
Signed-off-by: DoHyun Pyun <dh79.pyun@samsung.com>
-rw-r--r-- | resource/csdk/connectivity/common/src/caremotehandler.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/resource/csdk/connectivity/common/src/caremotehandler.c b/resource/csdk/connectivity/common/src/caremotehandler.c index 1e5b7e9b1..638c04f84 100644 --- a/resource/csdk/connectivity/common/src/caremotehandler.c +++ b/resource/csdk/connectivity/common/src/caremotehandler.c @@ -261,7 +261,7 @@ CAResult_t CACloneInfo(const CAInfo_t *info, CAInfo_t *clone) // allocate token field uint8_t len = info->tokenLength; - char *temp = (char *) OICMalloc(len * sizeof(char)); + char *temp = (char *) OICCalloc(1, (len + 1) * sizeof(char)); if (!temp) { OIC_LOG(ERROR, TAG, "CACloneInfo Out of memory"); |
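Review bot: The new allocation `OICCalloc(1, (len + 1) * sizeof(char))` has no comment explaining the extra byte, and the token is tracked by `info->tokenLength`, so a zeroed trailing byte only protects readers that treat the token as a C string. Please add a short comment saying which consumer needs the terminator. Since the hunk does not touch the copy itself, please also confirm that the copy still moves exactly `len` bytes and that `info->token` is checked for NULL when `len` is non-zero. Note the behaviour change for `len == 0`: the old `OICMalloc(len * sizeof(char))` requested zero bytes, which could hit the `if (!temp)` "Out of memory" branch, whereas the new code always requests at least one byte. As a style point, `OICCalloc(len + 1, sizeof(char))` expresses the element count and size more directly.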