From 23fb11be885891c86bf603e0dc77c6979879d3f1 Mon Sep 17 00:00:00 2001
From: chenguanhao <chenguanhao1@huawei.com>
Date: Thu, 5 Sep 2024 10:58:26 +0800
Subject: [PATCH 1/4] =?UTF-8?q?DTS0000000000000=20fuzzer=20strdup=20crash?=
 =?UTF-8?q?=E9=97=AE=E9=A2=98=E8=A7=A3=E5=86=B3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: chenguanhao <chenguanhao1@huawei.com>
---
 .../config_policy/src/config_policy_utils.c   | 32 +++++++++++++++----
 1 file changed, 26 insertions(+), 6 deletions(-)

diff --git a/frameworks/config_policy/src/config_policy_utils.c b/frameworks/config_policy/src/config_policy_utils.c
index 9dcf4d7..5980f23 100644
--- a/frameworks/config_policy/src/config_policy_utils.c
+++ b/frameworks/config_policy/src/config_policy_utils.c
@@ -474,6 +474,20 @@ char *GetOneCfgFile(const char *pathSuffix, char *buf, unsigned int bufLength)
     return GetOneCfgFileEx(pathSuffix, buf, bufLength, FOLLOWX_MODE_DEFAULT, NULL);
 }
 
+char *StrDupCustom(const char *buf)
+{
+    char *paths = (char*)malloc(sizeof(char) * MAX_PATH_LEN);
+    if (paths == NULL) {
+        return NULL;
+    }
+    errno_t ret = strcpy_c(paths, MAX_PATH_LEN, buf);
+    if (ret != 0) {
+        free(paths);
+        paths = NULL;
+    }
+    return paths;
+}
+
 CfgFiles *GetCfgFilesEx(const char *pathSuffix, int followMode, const char *extra)
 {
     if (pathSuffix == NULL) {
@@ -499,14 +513,20 @@ CfgFiles *GetCfgFilesEx(const char *pathSuffix, int followMode, const char *extr
         }
         if (snprintf_s(buf, MAX_PATH_LEN, MAX_PATH_LEN - 1, "%s/%s", dirs->paths[i], pathSuffix) > 0 &&
             access(buf, F_OK) == 0) {
-            files->paths[index++] = strdup(buf);
+            files->paths[index] = StrDupCustom(buf);
+            if (files->paths[index] != NULL) {
+                index++;
+            }
         }
         for (int j = 0; result && j < result->segCount && index < MAX_CFG_POLICY_DIRS_CNT; j++) {
-            if (result->segs[j] &&
-                snprintf_s(buf, MAX_PATH_LEN, MAX_PATH_LEN - 1, "%s/%s/%s", dirs->paths[i], result->segs[j],
-                pathSuffix) > 0 &&
-                access(buf, F_OK) == 0) {
-                files->paths[index++] = strdup(buf);
+            if ((!result->segs[j]) ||
+                (snprintf_s(buf, MAX_PATH_LEN, MAX_PATH_LEN - 1, "%s/%s/%s", dirs->paths[i], result->segs[j],
+                 pathSuffix) <= 0) || (access(buf, F_OK) != 0)) {
+                continue;
+            }
+            files->paths[index] = StrDupCustom(buf);
+            if (files->paths[index] != NULL) {
+                index++;
             }
         }
     }
-- 
Gitee


From 2df72a3f6cd0a448012d672aa856cca1493cb9ac Mon Sep 17 00:00:00 2001
From: chenguanhao <chenguanhao1@huawei.com>
Date: Thu, 5 Sep 2024 10:58:26 +0800
Subject: [PATCH 2/4] =?UTF-8?q?DTS0000000000000=20fuzzer=20strdup=20crash?=
 =?UTF-8?q?=E9=97=AE=E9=A2=98=E8=A7=A3=E5=86=B3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: chenguanhao <chenguanhao1@huawei.com>
---
 frameworks/config_policy/src/config_policy_utils.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/frameworks/config_policy/src/config_policy_utils.c b/frameworks/config_policy/src/config_policy_utils.c
index 5980f23..8669d9f 100644
--- a/frameworks/config_policy/src/config_policy_utils.c
+++ b/frameworks/config_policy/src/config_policy_utils.c
@@ -480,7 +480,7 @@ char *StrDupCustom(const char *buf)
     if (paths == NULL) {
         return NULL;
     }
-    errno_t ret = strcpy_c(paths, MAX_PATH_LEN, buf);
+    errno_t ret = strcpy_s(paths, MAX_PATH_LEN, buf);
     if (ret != 0) {
         free(paths);
         paths = NULL;
@@ -521,7 +521,8 @@ CfgFiles *GetCfgFilesEx(const char *pathSuffix, int followMode, const char *extr
         for (int j = 0; result && j < result->segCount && index < MAX_CFG_POLICY_DIRS_CNT; j++) {
             if ((!result->segs[j]) ||
                 (snprintf_s(buf, MAX_PATH_LEN, MAX_PATH_LEN - 1, "%s/%s/%s", dirs->paths[i], result->segs[j],
-                 pathSuffix) <= 0) || (access(buf, F_OK) != 0)) {
+                 pathSuffix) <= 0) ||
+                (access(buf, F_OK) != 0)) {
                 continue;
             }
             files->paths[index] = StrDupCustom(buf);
-- 
Gitee


From 63d4e82dc84252001e6a120e3dd77e6539351d6e Mon Sep 17 00:00:00 2001
From: chenguanhao <chenguanhao1@huawei.com>
Date: Thu, 5 Sep 2024 10:58:26 +0800
Subject: [PATCH 3/4] =?UTF-8?q?DTS0000000000000=20fuzzer=20strdup=20crash?=
 =?UTF-8?q?=E9=97=AE=E9=A2=98=E8=A7=A3=E5=86=B3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: chenguanhao <chenguanhao1@huawei.com>
---
 frameworks/config_policy/src/config_policy_utils.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/frameworks/config_policy/src/config_policy_utils.c b/frameworks/config_policy/src/config_policy_utils.c
index 8669d9f..3fbd8f5 100644
--- a/frameworks/config_policy/src/config_policy_utils.c
+++ b/frameworks/config_policy/src/config_policy_utils.c
@@ -476,11 +476,15 @@ char *GetOneCfgFile(const char *pathSuffix, char *buf, unsigned int bufLength)
 
 char *StrDupCustom(const char *buf)
 {
-    char *paths = (char*)malloc(sizeof(char) * MAX_PATH_LEN);
+    if (buf == NULL) {
+        return NULL;
+    }
+    size_t len = strlen(buf) + 1;
+    char *paths = (char*)malloc(sizeof(char) * len);
     if (paths == NULL) {
         return NULL;
     }
-    errno_t ret = strcpy_s(paths, MAX_PATH_LEN, buf);
+    errno_t ret = strcpy_s(paths, len, buf);
     if (ret != 0) {
         free(paths);
         paths = NULL;
@@ -521,7 +525,7 @@ CfgFiles *GetCfgFilesEx(const char *pathSuffix, int followMode, const char *extr
         for (int j = 0; result && j < result->segCount && index < MAX_CFG_POLICY_DIRS_CNT; j++) {
             if ((!result->segs[j]) ||
                 (snprintf_s(buf, MAX_PATH_LEN, MAX_PATH_LEN - 1, "%s/%s/%s", dirs->paths[i], result->segs[j],
-                 pathSuffix) <= 0) ||
+                            pathSuffix) <= 0) ||
                 (access(buf, F_OK) != 0)) {
                 continue;
             }
-- 
Gitee


From 0134af60b0c29ae3d77081e2e3cc76c7454dec44 Mon Sep 17 00:00:00 2001
From: chenguanhao <chenguanhao1@huawei.com>
Date: Thu, 5 Sep 2024 10:58:26 +0800
Subject: [PATCH 4/4] =?UTF-8?q?DTS0000000000000=20fuzzer=20strdup=20crash?=
 =?UTF-8?q?=E9=97=AE=E9=A2=98=E8=A7=A3=E5=86=B3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: chenguanhao <chenguanhao1@huawei.com>
---
 frameworks/config_policy/src/config_policy_utils.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/frameworks/config_policy/src/config_policy_utils.c b/frameworks/config_policy/src/config_policy_utils.c
index 3fbd8f5..e02c711 100644
--- a/frameworks/config_policy/src/config_policy_utils.c
+++ b/frameworks/config_policy/src/config_policy_utils.c
@@ -479,12 +479,12 @@ char *StrDupCustom(const char *buf)
     if (buf == NULL) {
         return NULL;
     }
-    size_t len = strlen(buf) + 1;
-    char *paths = (char*)malloc(sizeof(char) * len);
+    size_t len = strlen(buf);
+    char *paths = (char*)malloc(sizeof(char) * (len + 1));
     if (paths == NULL) {
         return NULL;
     }
-    errno_t ret = strcpy_s(paths, len, buf);
+    errno_t ret = strcpy_s(paths, len + 1, buf);
     if (ret != 0) {
         free(paths);
         paths = NULL;
-- 
Gitee