DBG("\n [CISS-ENGINE] sia = %s, sib = %s, sic = %s", sia, sib, sic);
}
- strncpy(mmi_ctx->ss_code, ss_code, MAX_SC_LEN);
+ strncpy(mmi_ctx->ss_code, ss_code, MAX_SC_LEN + 1);
+ mmi_ctx->ss_code[MAX_SC_LEN] = '\0';
if ((ss_operation != registerPassword) &&
(ss_operation != NULL_SS_OPERATION)) {
if (!_ciss_convert_sc_to_tapi_flavor(ss_code, &tapi_flavor, &ss_type)) {
if ((ss_operation != registerPassword) &&
((ss_type == CISS_SERVICE_FORWARDING) ||
(ss_type == CISS_SERVICE_BARRING))) {
- strncpy(bsg, sib, MAX_SIB_LEN);
+ strncpy(bsg, sib, MAX_SIA_LEN + 1);
+ bsg[MAX_SIA_LEN] = '\0';
} else if (ss_type == CISS_SERVICE_WAITING) {
if ((sib[0] != 0) || (sic[0] != 0)) {
ss_operation = NULL_SS_OPERATION;
} else {
strncpy(bsg, sia, MAX_SIA_LEN);
+ bsg[MAX_SIA_LEN] = '\0';
}
} else {
bsg[0] = '\0';
if (ss_operation != NULL_SS_OPERATION) {
if (ss_type == CISS_SERVICE_FORWARDING) {
if (sia[0] != '\0') {
- strncpy(mmi_ctx->forward_number, sia, strlen(sia));
- mmi_ctx->forward_number[strlen(sia)] = '\0';
+ strncpy(mmi_ctx->forward_number, sia, CISS_NUMBER_LEN_MAX + 1);
+ mmi_ctx->forward_number[CISS_NUMBER_LEN_MAX] = '\0';
}
}
}
memset(mmi_ctx->ss_password, '\0', CISS_MAX_PASSWORD_LEN + 1);
memset(mmi_ctx->ss_new_password, '\0', CISS_MAX_PASSWORD_LEN + 1);
memset(mmi_ctx->ss_new_password2, '\0', CISS_MAX_PASSWORD_LEN + 1);
- strncpy(mmi_ctx->ss_password, sia, CISS_MAX_PASSWORD_LEN);
- strncpy(mmi_ctx->ss_new_password, sib, CISS_MAX_PASSWORD_LEN);
- strncpy(mmi_ctx->ss_new_password2, sic, CISS_MAX_PASSWORD_LEN);
+ strncpy(mmi_ctx->ss_password, sia, CISS_MAX_PASSWORD_LEN + 1);
+ mmi_ctx->ss_password[CISS_MAX_PASSWORD_LEN] = '\0';
+ strncpy(mmi_ctx->ss_new_password, sib, CISS_MAX_PASSWORD_LEN + 1);
+ mmi_ctx->ss_new_password[CISS_MAX_PASSWORD_LEN] = '\0';
+ strncpy(mmi_ctx->ss_new_password2, sic, CISS_MAX_PASSWORD_LEN + 1);
+ mmi_ctx->ss_new_password2[CISS_MAX_PASSWORD_LEN] = '\0';
} else {
memset(mmi_ctx->ss_password, '\0', CISS_MAX_PASSWORD_LEN + 1);
memset(mmi_ctx->ss_new_password, '\0', CISS_MAX_PASSWORD_LEN + 1);
memset(mmi_ctx->ss_new_password2, '\0', CISS_MAX_PASSWORD_LEN + 1);
- strncpy(mmi_ctx->ss_password, sia, CISS_MAX_PASSWORD_LEN);
- strncpy(mmi_ctx->ss_new_password, sib, CISS_MAX_PASSWORD_LEN);
- strncpy(mmi_ctx->ss_new_password2, sic, CISS_MAX_PASSWORD_LEN);
+ strncpy(mmi_ctx->ss_password, sia, CISS_MAX_PASSWORD_LEN + 1);
+ mmi_ctx->ss_password[CISS_MAX_PASSWORD_LEN] = '\0';
+ strncpy(mmi_ctx->ss_new_password, sib, CISS_MAX_PASSWORD_LEN + 1);
+ mmi_ctx->ss_new_password[CISS_MAX_PASSWORD_LEN] = '\0';
+ strncpy(mmi_ctx->ss_new_password2, sic, CISS_MAX_PASSWORD_LEN + 1);
+ mmi_ctx->ss_new_password2[CISS_MAX_PASSWORD_LEN] = '\0';
}
}
static void __ciss_ui_mmi_create_mmi_result_string(ciss_result_t *pSSResult, int index, char *result_string)
{
DBG("Enter");
+ int ret;
char mszBuffer[CISS_TEXT_LEN_MAX*5];
char szBuffer[CISS_TEXT_LEN_MAX];
char service[CISS_TEXT_LEN_MAX];
_ciss_ui_mmi_get_result_status_type(pSSResult->szSsType, pSSResult->szResult[index], status);
//strncpy(mszBuffer, service, CISS_TEXT_LEN_MAX - 1);
- snprintf(mszBuffer, CISS_TEXT_LEN_MAX, "<br><br><br> %s", service);
+ ret = snprintf(mszBuffer, CISS_TEXT_LEN_MAX, "<br><br><br> %s", service);
+ if (ret >= CISS_TEXT_LEN_MAX)
+ ERR("mszBuffer is truncated");
mszBuffer[CISS_TEXT_LEN_MAX - 1] = '\0';
if (strlen(teleservice)) {
- strncat(mszBuffer, "<br>", strlen("<br>"));
- strncat(mszBuffer, " -", strlen(" -"));
- strncat(mszBuffer, teleservice, strlen(teleservice));
+ strncat(mszBuffer, "<br>", sizeof(mszBuffer) - strlen(mszBuffer) - 1);
+ strncat(mszBuffer, " -", sizeof(mszBuffer) - strlen(mszBuffer) - 1);
+ strncat(mszBuffer, teleservice, sizeof(mszBuffer) - strlen(mszBuffer) - 1);
}
DBG("create_result_string: Label Text(telecommSvc) = %d\n", pSSResult->szBearer[index]);
if ((strcmp(flavor, CISS_STR_CALL_FORWARDING_ACTIVE_C_WHEN_NOREPLY) == 0) &&
(pSSResult->nForwardWaitingTime[index] != 0)) {
text = g_strdup_printf("%s %d",CISS_STR_PD_SECONDS, pSSResult->nForwardWaitingTime[index]);
- snprintf(szBuffer, CISS_TEXT_LEN_MAX, "%s %s", flavor, text);
+ ret = snprintf(szBuffer, CISS_TEXT_LEN_MAX, "%s %s", flavor, text);
+ if (ret >= CISS_TEXT_LEN_MAX)
+ ERR("szBuffer is truncated");
free(text);
} else {
strncpy(szBuffer, flavor, CISS_TEXT_LEN_MAX - 1);
}
if (strlen(flavor) > 1) {
- strncat(mszBuffer, "<br>", strlen("<br>"));
- strncat(mszBuffer, " -", strlen(" -"));
- strncat(mszBuffer, szBuffer, strlen(szBuffer));
+ strncat(mszBuffer, "<br>", sizeof(mszBuffer) - strlen(mszBuffer) - 1);
+ strncat(mszBuffer, " -", sizeof(mszBuffer) - strlen(mszBuffer) - 1);
+ strncat(mszBuffer, szBuffer, sizeof(mszBuffer) - strlen(mszBuffer) - 1);
}
DBG("\n [CISS-MMI] create_result_string: Label Text(flavor) = %s\n", flavor);
- strncat(mszBuffer, "<br>", strlen("<br>"));
- strncat(mszBuffer, " -", strlen(" -"));
- strncat(mszBuffer, status, strlen(status));
+ strncat(mszBuffer, "<br>", sizeof(mszBuffer) - strlen(mszBuffer) - 1);
+ strncat(mszBuffer, " -", sizeof(mszBuffer) - strlen(mszBuffer) - 1);
+ strncat(mszBuffer, status, sizeof(mszBuffer) - strlen(mszBuffer) - 1);
if (strlen(pSSResult->szForwardedToNumber[index]) &&
(strcmp(status, CISS_STR_ACTIVATED) == 0)) {
DBG("\n [CISS-MMI] create_result_string: Forwarded to number = %s\n",
pSSResult->szForwardedToNumber[index]);
- strncat(mszBuffer, "<br>", strlen("<br>"));
- strncat(mszBuffer, " ", strlen(" "));
- strncat(mszBuffer, pSSResult->szForwardedToNumber[index], strlen(pSSResult->szForwardedToNumber[index]));
+ strncat(mszBuffer, "<br>", sizeof(mszBuffer) - strlen(mszBuffer) - 1);
+ strncat(mszBuffer, " ", sizeof(mszBuffer) - strlen(mszBuffer) - 1);
+ strncat(mszBuffer, pSSResult->szForwardedToNumber[index], sizeof(mszBuffer) - strlen(mszBuffer) - 1);
} else {
DBG("\n [CISS-MMI] create_result_string: Forwarded to number is not need");
}
} else if (pSSResult->szSsType == CISS_SERVICE_BARRING) {
if (strlen(flavor) > 1) {
- strncat(mszBuffer, "<br>", strlen("<br>"));
- strncat(mszBuffer, " -", strlen(" -"));
- strncat(mszBuffer, flavor, strlen(flavor));
+ strncat(mszBuffer, "<br>", sizeof(mszBuffer) - strlen(mszBuffer) - 1);
+ strncat(mszBuffer, " -", sizeof(mszBuffer) - strlen(mszBuffer) - 1);
+ strncat(mszBuffer, flavor, sizeof(mszBuffer) - strlen(mszBuffer) - 1);
}
- strncat(mszBuffer, "<br>", strlen("<br>"));
- strncat(mszBuffer, " -", strlen(" -"));
- strncat(mszBuffer, status, strlen(status));
+ strncat(mszBuffer, "<br>", sizeof(mszBuffer) - strlen(mszBuffer) - 1);
+ strncat(mszBuffer, " -", sizeof(mszBuffer) - strlen(mszBuffer) - 1);
+ strncat(mszBuffer, status, sizeof(mszBuffer) - strlen(mszBuffer) - 1);
} else if (pSSResult->szSsType == CISS_SERVICE_WAITING) {
- strncat(mszBuffer, "<br>", strlen("<br>"));
- strncat(mszBuffer, " -", strlen("< ->"));
- strncat(mszBuffer, status, strlen(status));
+ strncat(mszBuffer, "<br>", sizeof(mszBuffer) - strlen(mszBuffer) - 1);
+ strncat(mszBuffer, " -", sizeof(mszBuffer) - strlen(mszBuffer) - 1);
+ strncat(mszBuffer, status, sizeof(mszBuffer) - strlen(mszBuffer) - 1);
}
- strncpy(result_string, mszBuffer, CISS_USSD_DATA_SIZE_MAX - 1);
+ ret = snprintf(result_string, CISS_USSD_DATA_SIZE_MAX, "%s", mszBuffer);
+ if (ret >= CISS_USSD_DATA_SIZE_MAX)
+ ERR("result_string is truncated");
DBG("Result String:%s\n", result_string);
DBG("Leave");
DBG("\n [CISS-MMI] result.nRecordNum == 0 \n");
if (ciss_result->szSsType == CISS_SERVICE_FORWARDING) {
- strncpy(resultstring[0], "Call Forwarding Data is Erased", CISS_TEXT_LEN_MAX - 1);
- strncat(ss_result_string, "<br> ", strlen("<br> "));
- strncat(ss_result_string, resultstring[0], strlen(resultstring[0]));
- strncat(ss_result_string, "<br> ", strlen("<br> "));
+ strncpy(resultstring[0], "Call Forwarding Data is Erased", CISS_TEXT_LEN_MAX);
+ resultstring[0][CISS_TEXT_LEN_MAX] = '\0';
+ strncat(ss_result_string, "<br> ", CISS_MMI_MAX_SS_RESP_STRING - strlen(ss_result_string) - 1);
+ strncat(ss_result_string, resultstring[0], CISS_MMI_MAX_SS_RESP_STRING - strlen(ss_result_string) - 1);
+ strncat(ss_result_string, "<br> ", CISS_MMI_MAX_SS_RESP_STRING - strlen(ss_result_string) - 1);
} else if (ciss_result->szSsType == CISS_SERVICE_CHANGE_BARRING_PASSWD) {
strncpy(resultstring[0], CISS_STR_PASSWORD_CHANGE, CISS_TEXT_LEN_MAX - 1);
- strncat(ss_result_string, "<br> ", strlen("<br> "));
- strncat(ss_result_string, resultstring[0], strlen(resultstring[0]));
- strncat(ss_result_string, "<br> ", strlen("<br> "));
+ strncat(ss_result_string, "<br> ", CISS_MMI_MAX_SS_RESP_STRING - strlen(ss_result_string) - 1);
+ strncat(ss_result_string, resultstring[0], CISS_MMI_MAX_SS_RESP_STRING - strlen(ss_result_string) - 1);
+ strncat(ss_result_string, "<br> ", CISS_MMI_MAX_SS_RESP_STRING - strlen(ss_result_string) - 1);
strncpy(resultstring[0], CISS_STR_REGISTRATION_SUCCESS, CISS_TEXT_LEN_MAX - 1);
- strncat(ss_result_string, resultstring[0], strlen(resultstring[0]));
- strncat(ss_result_string, "<br> ", strlen("<br> "));
+ strncat(ss_result_string, resultstring[0], CISS_MMI_MAX_SS_RESP_STRING - strlen(ss_result_string) - 1);
+ strncat(ss_result_string, "<br> ", CISS_MMI_MAX_SS_RESP_STRING - strlen(ss_result_string) - 1);
} else {
strncpy(resultstring[0], CISS_STR_SUCCESS, CISS_TEXT_LEN_MAX - 1);
- strncat(ss_result_string, "<br> ", strlen("<br> "));
- strncat(ss_result_string, resultstring[0], strlen(resultstring[0]));
- strncat(ss_result_string, "<br> ", strlen("<br> "));
+ strncat(ss_result_string, "<br> ", CISS_MMI_MAX_SS_RESP_STRING - strlen(ss_result_string) - 1);
+ strncat(ss_result_string, resultstring[0], CISS_MMI_MAX_SS_RESP_STRING - strlen(ss_result_string) - 1);
+ strncat(ss_result_string, "<br> ", CISS_MMI_MAX_SS_RESP_STRING - strlen(ss_result_string) - 1);
}
} else {
int g_count = 0;
}
for (count = 0; count < ciss_result->nRecordNum; count++) {
- strncat(ss_result_string, "<br> ", strlen("<br> "));
- strncat(ss_result_string, resultstring[count], strlen(resultstring[count]));
- strncat(ss_result_string, "<br> ", strlen("<br> "));
+ strncat(ss_result_string, "<br> ", CISS_MMI_MAX_SS_RESP_STRING - strlen(ss_result_string) - 1);
+ strncat(ss_result_string, resultstring[count], CISS_MMI_MAX_SS_RESP_STRING - strlen(ss_result_string) - 1);
+ strncat(ss_result_string, "<br> ", CISS_MMI_MAX_SS_RESP_STRING - strlen(ss_result_string) - 1);
}
DBG("Final Result string : %s ", ss_result_string);
DBG("Leave");