[WGID-201581, 201592] Fixed for secure coding

sscanf() is replaced with strtol()

Change-Id: I93ce13af6d3c125618006d2e4c384e2060fec007
Signed-off-by: Taesub Kim <taesub.kim@samsung.com>

diff --git a/sources/libraries/Common/common_ip_info.c b/sources/libraries/Common/common_ip_info.c
index 8244484..0f2b58c 100755 (executable)
--- a/sources/libraries/Common/common_ip_info.c
+++ b/sources/libraries/Common/common_ip_info.c
@@ -271,7 +271,7 @@ static void _ip_info_entry_changed_cb(void *data,
                        entry_info->entry_txt = NULL;
 
                if (entry_text != NULL)
-                       sscanf(entry_text, "%d", &port_num);
+                       port_num = (int)strtol(entry_text, NULL, 10);
 
                if (port_num > MAX_PORT_NUMBER) {
                        entry_pos = elm_entry_cursor_pos_get(obj);
@@ -313,6 +313,22 @@ static void _ip_info_entry_focused_cb(void *data, Evas_Object *obj, void *event_
        elm_object_item_signal_emit(entry_info->item, "elm,state,rename,hide", "");
 }
 
+
+static gboolean __is_valid_static_ip_string_length(const gchar *text)
+{
+       if (!text) {
+               INFO_LOG(UG_NAME_ERR, "IP address text is NULL");
+               return FALSE;
+       } else {
+               size_t len = strlen(text);
+               if (len == 0 || len > 15) {
+                       INFO_LOG(UG_NAME_ERR, "IP address text string length is not valid");
+                       return FALSE;
+               }
+       }
+       return TRUE;
+}
+
 static void _ip_info_entry_unfocused_cb(void *data, Evas_Object *obj, void *event_info)
 {
        common_utils_entry_info_t *entry_info = (common_utils_entry_info_t *)data;
@@ -325,9 +341,12 @@ static void _ip_info_entry_unfocused_cb(void *data, Evas_Object *obj, void *even
        if (panel_type == ELM_INPUT_PANEL_LAYOUT_IP) {
                int ip_addr[4] = {0};
                char *entry_text = elm_entry_markup_to_utf8(elm_entry_entry_get(obj));
+               if (!__is_valid_static_ip_string_length(entry_text)) {
+                       INFO_LOG(UG_NAME_ERR, "Invalid IP address.");
+                       free(entry_text);
+                       return;
+               }
                if (entry_text && (strlen(entry_text) > 0)) {
-                       sscanf(entry_text, "%d.%d.%d.%d", &ip_addr[0], &ip_addr[1], &ip_addr[2], &ip_addr[3]);
-                       g_snprintf(entry_text, 16, "%d.%d.%d.%d", ip_addr[0], ip_addr[1], ip_addr[2], ip_addr[3]);
                        elm_entry_entry_set(obj, entry_text);
                        if (entry_info->entry_txt) {
                                g_free(entry_info->entry_txt);