From 2eea4e11e2872d057c1a0ec242b1134f9f531a7e Mon Sep 17 00:00:00 2001
From: wanghao-free <wanghao453@h-partners.com>
Date: Wed, 14 Dec 2022 01:53:06 -0800
Subject: [PATCH] =?UTF-8?q?fix=EF=BC=9A=E8=A7=A3=E5=86=B3release3.1?=
 =?UTF-8?q?=E5=88=86=E6=94=AF=E9=85=8D=E7=BD=AE=E6=96=87=E4=BB=B6=E9=85=8D?=
 =?UTF-8?q?=E7=BD=AE=E8=B6=85=E9=95=BF=E5=AD=97=E7=AC=A6=E4=B8=B2=E5=AE=89?=
 =?UTF-8?q?=E8=A3=85=E4=B9=8B=E5=90=8E=E9=BB=91=E5=B1=8F=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: wanghao-free <wanghao453@h-partners.com>
---
 .../appexecfwk_base/include/appexecfwk_errors.h          | 1 +
 .../innerkits/appexecfwk_base/include/bundle_constants.h | 2 ++
 interfaces/innerkits/appexecfwk_base/include/json_util.h | 9 ++++++++-
 .../include/bundlemgr/status_receiver_interface.h        | 3 ++-
 .../src/bundlemgr/bundle_status_callback_proxy.cpp       | 2 ++
 .../src/bundlemgr/status_receiver_proxy.cpp              | 6 +++++-
 kits/appkit/napi/bundlemgr/bundle_mgr.cpp                | 3 ++-
 7 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/interfaces/innerkits/appexecfwk_base/include/appexecfwk_errors.h b/interfaces/innerkits/appexecfwk_base/include/appexecfwk_errors.h
index 5c9d2a9da3..4003622e9f 100644
--- a/interfaces/innerkits/appexecfwk_base/include/appexecfwk_errors.h
+++ b/interfaces/innerkits/appexecfwk_base/include/appexecfwk_errors.h
@@ -119,6 +119,7 @@ enum {
     ERR_APPEXECFWK_PARSE_PROFILE_MISSING_PROP,
     ERR_APPEXECFWK_PARSE_PERMISSION_ERROR,
     ERR_APPEXECFWK_PARSE_PROFILE_PROP_CHECK_ERROR,
+    ERR_APPEXECFWK_PARSE_PROFILE_PROP_SIZE_CHECK_ERROR,
     ERR_APPEXECFWK_PARSE_RPCID_FAILED,
 
     ERR_APPEXECFWK_INSTALLD_PARAM_ERROR,
diff --git a/interfaces/innerkits/appexecfwk_base/include/bundle_constants.h b/interfaces/innerkits/appexecfwk_base/include/bundle_constants.h
index bc65f12815..1ef4591c82 100644
--- a/interfaces/innerkits/appexecfwk_base/include/bundle_constants.h
+++ b/interfaces/innerkits/appexecfwk_base/include/bundle_constants.h
@@ -175,6 +175,8 @@ constexpr uint8_t MAX_MODULE_ABILITIES_READPERMISSION = 255;
 constexpr uint8_t MAX_MODULE_ABILITIES_WRITEPERMISSION = 255;
 constexpr uint8_t MAX_MODULE_SHORTCUTID = 63;
 constexpr uint8_t MAX_MODULE_LABEL = 63;
+constexpr uint8_t MAX_JSON_ELEMENT_LENGTH = 255;
+constexpr uint16_t MAX_JSON_ARRAY_LENGTH = 512;
 // max number of haps under one direction
 constexpr uint8_t MAX_HAP_NUMBER = 128;
 
diff --git a/interfaces/innerkits/appexecfwk_base/include/json_util.h b/interfaces/innerkits/appexecfwk_base/include/json_util.h
index 0f8815ddf3..f4e9756931 100644
--- a/interfaces/innerkits/appexecfwk_base/include/json_util.h
+++ b/interfaces/innerkits/appexecfwk_base/include/json_util.h
@@ -48,6 +48,10 @@ void CheckArrayType(
     if (arrays.empty()) {
         return;
     }
+    if (arrays.size() > Constants::MAX_JSON_ARRAY_LENGTH) {
+        parseResult = ERR_APPEXECFWK_PARSE_PROFILE_PROP_SIZE_CHECK_ERROR;
+        return;
+    }
     switch (arrayType) {
         case ArrayType::STRING:
             for (const auto &array : arrays) {
@@ -141,6 +145,9 @@ void GetValueIfFindKey(const nlohmann::json &jsonObject, const nlohmann::detail:
                     break;
                 }
                 data = jsonObject.at(key).get<T>();
+                if (jsonObject.at(key).get<std::string>().length() > Constants::MAX_JSON_ELEMENT_LENGTH) {
+                    parseResult = ERR_APPEXECFWK_PARSE_PROFILE_PROP_SIZE_CHECK_ERROR;
+                }
                 break;
             case JsonType::NULLABLE:
                 APP_LOGE("type is error %{public}s is nullable", key.c_str());
@@ -183,4 +190,4 @@ bool ParseInfoFromJsonStr(const char *data, T &t)
 }
 }  // namespace AppExecFwk
 }  // namespace OHOS
-#endif  // FOUNDATION_APPEXECFWK_INTERFACES_INNERKITS_APPEXECFWK_BASE_INCLUDE_JSON_UTIL_H
\ No newline at end of file
+#endif  // FOUNDATION_APPEXECFWK_INTERFACES_INNERKITS_APPEXECFWK_BASE_INCLUDE_JSON_UTIL_H
diff --git a/interfaces/innerkits/appexecfwk_core/include/bundlemgr/status_receiver_interface.h b/interfaces/innerkits/appexecfwk_core/include/bundlemgr/status_receiver_interface.h
index 43119a3e74..0af93d472d 100644
--- a/interfaces/innerkits/appexecfwk_core/include/bundlemgr/status_receiver_interface.h
+++ b/interfaces/innerkits/appexecfwk_core/include/bundlemgr/status_receiver_interface.h
@@ -107,6 +107,7 @@ public:
         ERR_INSTALL_PARSE_PROFILE_MISSING_PROP,
         ERR_INSTALL_PARSE_PERMISSION_ERROR,
         ERR_INSTALL_PARSE_PROFILE_PROP_CHECK_ERROR,
+        ERR_INSTALL_PARSE_PROFILE_PROP_SIZE_CHECK_ERROR,
         ERR_INSTALL_PARSE_RPCID_FAILED,
 
         ERR_INSTALLD_PARAM_ERROR,
@@ -144,4 +145,4 @@ public:
 };
 }  // namespace AppExecFwk
 }  // namespace OHOS
-#endif  // FOUNDATION_APPEXECFWK_INTERFACES_INNERKITS_APPEXECFWK_CORE_INCLUDE_BUNDLEMGR_STATUS_RECEIVER_INTERFACE_H
\ No newline at end of file
+#endif  // FOUNDATION_APPEXECFWK_INTERFACES_INNERKITS_APPEXECFWK_CORE_INCLUDE_BUNDLEMGR_STATUS_RECEIVER_INTERFACE_H
diff --git a/interfaces/innerkits/appexecfwk_core/src/bundlemgr/bundle_status_callback_proxy.cpp b/interfaces/innerkits/appexecfwk_core/src/bundlemgr/bundle_status_callback_proxy.cpp
index 98ec64ff58..f6e9dc17e6 100644
--- a/interfaces/innerkits/appexecfwk_core/src/bundlemgr/bundle_status_callback_proxy.cpp
+++ b/interfaces/innerkits/appexecfwk_core/src/bundlemgr/bundle_status_callback_proxy.cpp
@@ -196,6 +196,8 @@ std::string TransformResult(ErrCode resultCode)
             return "ERR_APPEXECFWK_INSTALL_NOT_UNIQUE_DISTRO_MODULE_NAME";
         case ERR_APPEXECFWK_INSTALL_INCONSISTENT_MODULE_NAME:
             return "ERR_APPEXECFWK_INSTALL_INCONSISTENT_MODULE_NAME";
+        case ERR_APPEXECFWK_PARSE_PROFILE_PROP_SIZE_CHECK_ERROR:
+            return "ERR_APPEXECFWK_PARSE_PROFILE_PROP_SIZE_CHECK_ERROR";
         default:
             return "";
     }
diff --git a/interfaces/innerkits/appexecfwk_core/src/bundlemgr/status_receiver_proxy.cpp b/interfaces/innerkits/appexecfwk_core/src/bundlemgr/status_receiver_proxy.cpp
index 4b85beacad..a99eaee8d6 100644
--- a/interfaces/innerkits/appexecfwk_core/src/bundlemgr/status_receiver_proxy.cpp
+++ b/interfaces/innerkits/appexecfwk_core/src/bundlemgr/status_receiver_proxy.cpp
@@ -97,6 +97,7 @@ const std::string MSG_ERR_INSTALL_PARSE_PROFILE_PROP_TYPE_ERROR = "[ERR_INSTALL_
 const std::string MSG_ERR_INSTALL_PARSE_PROFILE_MISSING_PROP = "[ERR_INSTALL_PARSE_PROFILE_MISSING_PROP]";
 const std::string MSG_ERR_INSTALL_PARSE_PERMISSION_ERROR = "[ERR_INSTALL_PARSE_PERMISSION_ERROR]";
 const std::string MSG_ERR_INSTALL_PARSE_PROFILE_PROP_CHECK_ERROR = "[ERR_INSTALL_PARSE_PROFILE_PROP_CHECK_ERROR]";
+const std::string MSG_ERR_INSTALL_PARSE_PROFILE_PROP_SIZE_CHECK_ERROR = "[ERR_INSTALL_PARSE_PROFILE_PROP_SIZE_CHECK_ERROR]";
 const std::string MSG_ERR_INSTALL_PARSE_RPCID_FAILED = "[ERR_INSTALL_PARSE_RPCID_FAILED]";
 
 const std::string MSG_ERR_INSTALLD_CLEAN_DIR_FAILED = "[MSG_ERR_INSTALLD_CLEAN_DIR_FAILED]";
@@ -253,6 +254,9 @@ const std::map<int32_t, struct ReceivedResult> MAP_RECEIVED_RESULTS {
         {IStatusReceiver::ERR_INSTALL_PARSE_PERMISSION_ERROR, MSG_ERR_INSTALL_PARSE_PERMISSION_ERROR}},
     {ERR_APPEXECFWK_PARSE_PROFILE_PROP_CHECK_ERROR,
         {IStatusReceiver::ERR_INSTALL_PARSE_PROFILE_PROP_CHECK_ERROR, MSG_ERR_INSTALL_PARSE_PROFILE_PROP_CHECK_ERROR}},
+    {ERR_APPEXECFWK_PARSE_PROFILE_PROP_SIZE_CHECK_ERROR,
+        {IStatusReceiver::ERR_INSTALL_PARSE_PROFILE_PROP_SIZE_CHECK_ERROR,
+            MSG_ERR_INSTALL_PARSE_PROFILE_PROP_SIZE_CHECK_ERROR}},
     {ERR_APPEXECFWK_PARSE_RPCID_FAILED,
         {IStatusReceiver::ERR_INSTALL_PARSE_RPCID_FAILED, MSG_ERR_INSTALL_PARSE_RPCID_FAILED}},
 
@@ -401,4 +405,4 @@ void StatusReceiverProxy::TransformResult(const int32_t resultCode)
     APP_LOGD("result transformed is %{public}d, %{public}s", resultCode_, resultMsg_.c_str());
 }
 }  // namespace AppExecFwk
-}  // namespace OHOS
\ No newline at end of file
+}  // namespace OHOS
diff --git a/kits/appkit/napi/bundlemgr/bundle_mgr.cpp b/kits/appkit/napi/bundlemgr/bundle_mgr.cpp
index 7120b3baf4..d96c354905 100644
--- a/kits/appkit/napi/bundlemgr/bundle_mgr.cpp
+++ b/kits/appkit/napi/bundlemgr/bundle_mgr.cpp
@@ -2702,6 +2702,7 @@ static void ConvertInstallResult(InstallResult &installResult)
         case static_cast<int32_t>(IStatusReceiver::ERR_INSTALL_FAILED_NO_PROFILE_BLOCK_FAIL):
         case static_cast<int32_t>(IStatusReceiver::ERR_INSTALL_FAILED_BUNDLE_SIGNATURE_VERIFICATION_FAILURE):
         case static_cast<int32_t>(IStatusReceiver::ERR_INSTALL_FAILED_VERIFY_SOURCE_INIT_FAIL):
+        case static_cast<int32_t>(IStatusReceiver::ERR_INSTALL_PARSE_PROFILE_PROP_SIZE_CHECK_ERROR):
             installResult.resultCode = static_cast<int32_t>(InstallErrorCode::STATUS_INSTALL_FAILURE_INVALID);
             installResult.resultMsg = "STATUS_INSTALL_FAILURE_INVALID";
             break;
@@ -6364,4 +6365,4 @@ void CreateExtensionAbilityTypeObject(napi_env env, napi_value value)
     NAPI_CALL_RETURN_VOID(env, napi_set_named_property(env, value, "UNSPECIFIED", nUnspecified));
 }
 }  // namespace AppExecFwk
-}  // namespace OHOS
\ No newline at end of file
+}  // namespace OHOS
-- 
Gitee