Check input strings whether they are satisfying specifiction or not

Change-Id: I83818917094acda0862ff02fe0247901e567038c
Signed-off-by: Yu jiung <jiung.yu@samsung.com>

diff --git a/packaging/capi-network-asp.spec b/packaging/capi-network-asp.spec
index e5ef70e..e194935 100755 (executable)
--- a/packaging/capi-network-asp.spec
+++ b/packaging/capi-network-asp.spec
@@ -2,7 +2,7 @@
 
 Name:       capi-network-asp
 Summary:    An Application Service Platform(ASP) libraries in Native API
-Version:    0.0.16
+Version:    0.0.17
 Release:    1
 Group:      Network & Connectivity/API
 License:    Apache-2.0

diff --git a/src/asp-client.c b/src/asp-client.c
index adf180f..955a8ef 100644 (file)
--- a/src/asp-client.c
+++ b/src/asp-client.c
@@ -69,6 +69,17 @@
  *  Macros and Typedefs
  *****************************************************************************/
 
+#define INSTANCE_NAME_LEN 63
+#define SERVICE_TYPE_LEN 15
+#define PROTO_LEN 4
+#define KEY_LEN 9 /* http://files.dns-sd.org/draft-cheshire-dnsext-dns-sd.txt */
+#define KEY_MIN 0x20 /* RFC 20 */
+#define KEY_MAX 0x7E
+
+#define SERVICE_INFO_LEN 65000
+#define DEFERRED_LEN 144
+#define SESSION_INFO_LEN 144
+
 /*****************************************************************************
  *  Global Variables
  *****************************************************************************/
@@ -1147,6 +1158,13 @@ static int __remove_session(void *handle)
        return ASP_ERROR_NONE;
 }
 
+static bool __is_valid_instance_name(char *instance_name)
+{
+       if (strlen(instance_name) > INSTANCE_NAME_LEN)
+               return false;
+       else
+               return true;
+}
 
 int asp_advert_create(char *instance_name, asp_advert_service_h *adv_service)
 {
@@ -1178,6 +1196,11 @@ int asp_advert_create(char *instance_name, asp_advert_service_h *adv_service)
 
        if (instance_name) {
                ASP_LOGD("instance_name = [%s]", instance_name);
+               if (!__is_valid_instance_name(instance_name)) {
+                       ASP_LOGE("Not valid instance_name");
+                       __ASP_LOG_FUNC_END__;
+                       return ASP_ERROR_INVALID_PARAMETER;
+               }
                service->instance_name = g_strdup(instance_name);
                if (!service->instance_name) {
                        ASP_LOGE("malloc() failed!!!.");
@@ -1246,6 +1269,41 @@ int asp_advert_destroy(asp_advert_service_h adv_service)
        return ASP_ERROR_NONE;
 }
 
+static bool __is_valid_service_name(char *service_name)
+{
+       int pos = 0;
+       while(service_name[pos] != 0) {
+               if (!g_ascii_isalpha(service_name[pos]) &&
+                       !g_ascii_isdigit(service_name[pos]) &&
+                       service_name[pos] != '.' &&
+                       service_name[pos] != '-')
+                       return false;
+               pos++;
+       }
+       return true;
+}
+
+static bool __is_valid_service_type(char *service_type)
+{
+       int type_len = strlen(service_type) - PROTO_LEN - 1;
+       char *proto = &(service_type[type_len + 1]);
+       int pos = 1;
+
+       if (strncmp(proto, "_udp", PROTO_LEN) != 0 && strncmp(proto, "_tcp", PROTO_LEN) != 0)
+               return __is_valid_service_name(service_type);
+
+       if (type_len > SERVICE_TYPE_LEN + 1)
+               return false;
+
+       while (pos < type_len) {
+               if (!g_ascii_isalpha(service_type[pos]) &&
+                       !g_ascii_isdigit(service_type[pos]) &&
+                       service_type[pos] != '-')
+                       return false;
+               pos++;
+       }
+       return true;
+}
 
 int asp_advert_set_service_type(asp_advert_service_h adv_service,
         char *service_type)
@@ -1269,6 +1327,12 @@ int asp_advert_set_service_type(asp_advert_service_h adv_service,
        }
        ASP_LOGD("service [%p]", adv_service);
 
+       if (!__is_valid_service_type(service_type)) {
+               ASP_LOGE("invalid service_type");
+               __ASP_LOG_FUNC_END__;
+               return ASP_ERROR_INVALID_PARAMETER;
+       }
+
        service = __get_advert((void *)adv_service);
        if (service == NULL) {
                ASP_LOGE("Service NOT registered");
@@ -1325,6 +1389,22 @@ int asp_advert_set_auto_accept(asp_advert_service_h adv_service,
        return ASP_ERROR_NONE;
 }
 
+
+static bool __is_valid_key(const char *key)
+{
+       int pos = 0;
+
+       if (strlen(key) > KEY_LEN)
+               return false;
+
+       while (key[pos] != 0) {
+               if (key[pos] < KEY_MIN || key[pos] > KEY_MAX)
+                       return false;
+               pos++;
+       }
+       return true;
+}
+
 int asp_advert_add_info(asp_advert_service_h adv_service,
                             const char *key, const char *value)
 {
@@ -1346,6 +1426,12 @@ int asp_advert_add_info(asp_advert_service_h adv_service,
        }
        ASP_LOGD("service [%p]", adv_service);
 
+       if (__is_valid_key(key)) {
+               ASP_LOGE("invalid key!");
+               __ASP_LOG_FUNC_END__;
+               return ASP_ERROR_INVALID_PARAMETER;
+       }
+
        service = __get_advert((void *)adv_service);
        if (service == NULL) {
                ASP_LOGE("Service NOT registered");
@@ -1718,7 +1804,7 @@ int asp_advert_set_p2p_response(asp_advert_service_h adv_service,
                return ASP_ERROR_NOT_INITIALIZED;
        }
        /* TODO fit the rsp info for length */
-       if (length <= 0 || length > 144) {
+       if (length <= 0 || length > DEFERRED_LEN) {
                ASP_LOGE("invalid length!");
                __ASP_LOG_FUNC_END__;
                return ASP_ERROR_INVALID_PARAMETER;
@@ -2008,11 +2094,12 @@ int asp_seek_create(char *service_type, asp_seek_service_h *seek_service)
                return ASP_ERROR_NOT_INITIALIZED;
        }
 
-       if (!service_type || strlen(service_type) == 0) {
+       if (!service_type || strlen(service_type) == 0 || !__is_valid_service_type(service_type)) {
                ASP_LOGE("NULL Param [service_type]!");
                __ASP_LOG_FUNC_END__;
                return ASP_ERROR_INVALID_PARAMETER;
        }
+
        ASP_LOGD("service_type = [%s]", service_type);
 
        if (!seek_service) {
@@ -2103,11 +2190,12 @@ int asp_seek_add_info(asp_seek_service_h seek_service, const char *key)
                return ASP_ERROR_NOT_INITIALIZED;
        }
 
-       if (!seek_service) {
+       if (!seek_service || !key || strlen(key) == 0) {
                ASP_LOGE("NULL handler!");
                __ASP_LOG_FUNC_END__;
                return ASP_ERROR_INVALID_PARAMETER;
        }
+
        ASP_LOGD("service [%p]", seek_service);
 
        service = __get_seek((void *)seek_service);
@@ -2141,7 +2229,7 @@ int asp_seek_remove_info(asp_seek_service_h seek_service, const char *key)
                return ASP_ERROR_NOT_INITIALIZED;
        }
 
-       if (!seek_service) {
+       if (!seek_service || !key || strlen(key) == 0) {
                ASP_LOGE("NULL handler!");
                __ASP_LOG_FUNC_END__;
                return ASP_ERROR_INVALID_PARAMETER;
@@ -2539,7 +2627,7 @@ int asp_session_set_info(asp_session_h session, char *service_info)
                return ASP_ERROR_NOT_INITIALIZED;
        }
 
-       if (!service_info || !session) {
+       if (!service_info || !session || strlen(service_info) > SESSION_INFO_LEN) {
                ASP_LOGE("NULL Param!");
                __ASP_LOG_FUNC_END__;
                return ASP_ERROR_INVALID_PARAMETER;