From 5a3e4e72900f5526c676aabae4465024cfe02491 Mon Sep 17 00:00:00 2001
From: Seonah Moon <seonah1.moon@samsung.com>
Date: Fri, 31 Jan 2020 15:17:02 +0900
Subject: [PATCH] Fix buffer overflow

WGID-423439

Change-Id: I794e900497d91622dcf05175cd414336f2aed955
---
 test/vpn_test.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/test/vpn_test.c b/test/vpn_test.c
index 0c28aed..804d6f8 100755
--- a/test/vpn_test.c
+++ b/test/vpn_test.c
@@ -39,6 +39,8 @@
 #define CLIENT_PRIVATE_KEY "client-private.PEM"
 #endif
 
+#define MAX_USER_INPUT_LEN 200
+
 gboolean test_thread(GIOChannel *source,
 			GIOCondition condition,
 			gpointer data);
@@ -317,8 +319,11 @@ static void _test_get_vpn_handle(vpn_h *handle_ptr)
 
 static void _test_get_user_input(char *buf, char *what)
 {
+	char format[12];
+
+	snprintf(format, 12, " %%%d[^\n]s", MAX_USER_INPUT_LEN);
 	printf("Please ENTER %s:", what);
-	if (scanf(" %[^\n]s", buf) < 0)
+	if (scanf(format, buf) < 0)
 		printf("Error in Reading the data to Buffer\n");
 }
 
@@ -372,7 +377,7 @@ int test_vpn_settings_init(void)
 int test_vpn_settings_add(void)
 {
 	int rv = 0;
-	char buf[100];
+	char buf[MAX_USER_INPUT_LEN + 1];
 
 	_test_get_user_input(&buf[0], "Type");
 	rv = vpn_settings_set_type(&buf[0]);
@@ -431,8 +436,8 @@ int test_vpn_settings_deinit(void)
 int test_vpn_settings_set_specific(void)
 {
 	int rv = 0;
-	char key[100];
-	char value[200];
+	char key[MAX_USER_INPUT_LEN + 1];
+	char value[MAX_USER_INPUT_LEN + 1];
 
 	_test_get_user_input(&key[0], "Key");
 	_test_get_user_input(&value[0], "Value");
-- 
2.34.1