From 74ab7a7ff852baab940fd9367cf1b7dbd63a2369 Mon Sep 17 00:00:00 2001
From: "ch79.cho"
Date: Wed, 28 Sep 2016 15:52:40 +0900
Subject: [PATCH] Replace gets function

gets() function does not check for buffer length and always results in a vulnerability.

Change-Id: I74abbe3f8a746513bb955455891ab1ca4746f1a7
Signed-off-by: ch79.cho
Reviewed-on: https://gerrit.iotivity.org/gerrit/12395
Reviewed-by: JungYong KIM
Tested-by: jenkins-iotivity
Reviewed-by: Uze Choi
---
 .../examples/linux/notificationconsumer.c | 33 ++++++++++++++--------
 1 file changed, 22 insertions(+), 11 deletions(-)

diff --git a/service/notification/examples/linux/notificationconsumer.c b/service/notification/examples/linux/notificationconsumer.c
index 6142d22..bef1e20 100644
--- a/service/notification/examples/linux/notificationconsumer.c
+++ b/service/notification/examples/linux/notificationconsumer.c
@@ -34,11 +34,11 @@
 #define CLOUD_CONTEXT_VALUE 0x99
-char CLOUD_ADDRESS[50];
-char CLOUD_AUTH_PROVIDER[50];
-char CLOUD_AUTH_CODE[50];
-char CLOUD_UID[50];
-char CLOUD_ACCESS_TOKEN[50];
+char CLOUD_ADDRESS[100];
+char CLOUD_AUTH_PROVIDER[100];
+char CLOUD_AUTH_CODE[100];
+char CLOUD_UID[100];
+char CLOUD_ACCESS_TOKEN[100];
 #endif
@@ -122,6 +122,17 @@ void* OCProcessThread(void * ptr)
 return NULL;
 }
+void input(char * buffer)
+{
+ char ch;
+ int i = 0;
+
+ while( (ch = getchar()) != '\n' && i < 100)
+ buffer[i++] = ch;
+
+ buffer[i] = '\0';
+}
+
 int main(void)
 {
 bool isExit = false;
@@ -251,13 +262,13 @@ int main(void)
 break;
 case 31:
 printf("Remote Server Address: ");
- gets(CLOUD_ADDRESS);
+ input(CLOUD_ADDRESS);
 printf("Auth Provider(eg. github): ");
- gets(CLOUD_AUTH_PROVIDER);
+ input(CLOUD_AUTH_PROVIDER);
 printf("Auth Code: ");
- gets(CLOUD_AUTH_CODE);
+ input(CLOUD_AUTH_CODE);
 OCCloudSignup(CLOUD_ADDRESS, OCGetServerInstanceIDString(), CLOUD_AUTH_PROVIDER, CLOUD_AUTH_CODE, CloudSignupCallback);
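Review bot: The new size 100 on the five `CLOUD_*` arrays (first hunk, `@@ -34,11 +34,11 @@`) is a bare literal that `input()`, added further down in this patch, repeats as its loop bound, so the buffer size and the read limit can drift apart without any compiler diagnostic. A single named constant used in both places, for example `#define CLOUD_INPUT_MAX 100` (the name is only a suggestion) with `char CLOUD_ADDRESS[CLOUD_INPUT_MAX];`, keeps them tied together. A short comment that the size includes the terminating NUL would also help, since an auth code or access token that does not fit is cut short.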
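Review bot: `input()` (second hunk, `@@ -122,6 +122,17 @@`) can still write one byte past the end of its buffer, because the loop lets `i` reach 100 and `buffer[i] = '\0'` then stores at index 100 of a 100-byte array. Two further problems sit in the same loop: `ch` is a `char` and `EOF` is never tested, so a closed stdin fills the buffer with the truncated EOF value up to the bound, and the unread tail of an over-long line stays in stdin and is picked up by the next call as the next field. I would pass the buffer size in, read into an `int`, stop on `EOF` as well as on newline, and discard what does not fit; the callers in `case 31` and `case 32` then become `input(CLOUD_ADDRESS, sizeof(CLOUD_ADDRESS));` and so on. `fgets` followed by stripping the newline would do the same job with less code.

```c
void input(char * buffer, size_t size)
{
    int ch;          /* int, so EOF stays distinguishable from data */
    size_t i = 0;

    if (size == 0)
        return;

    /* Consume the whole line; keep only what fits, leaving room for the NUL. */
    while ((ch = getchar()) != EOF && ch != '\n')
    {
        if (i + 1 < size)
            buffer[i++] = (char)ch;
    }

    buffer[i] = '\0';
}
```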
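Review bot: In `case 31` (third hunk) the three fields go straight from `input()` into `OCCloudSignup` with no check that anything usable was read, and since `input()` returns `void`, a truncated address, an empty line or end-of-input cannot be detected at the call site. Having `input()` return a status and leaving the case before the cloud call, e.g. `if (!input(CLOUD_AUTH_CODE)) { printf("Invalid input\n"); break; }`, avoids sending a partial auth code. The same applies to `case 32` in the last hunk, where `CLOUD_UID` and `CLOUD_ACCESS_TOKEN` are handed to `OCCloudLogin`. `main` starts and ends outside both hunks, so any validation done elsewhere in it is not visible here.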
@@ -265,13 +276,13 @@ int main(void)
 break;
 case 32:
 printf("Remote Server Address: ");
- gets(CLOUD_ADDRESS);
+ input(CLOUD_ADDRESS);
 printf("UID: ");
- gets(CLOUD_UID);
+ input(CLOUD_UID);
 printf("ACCESS_TOKEN: ");
- gets(CLOUD_ACCESS_TOKEN);
+ input(CLOUD_ACCESS_TOKEN);
 OCCloudLogin(CLOUD_ADDRESS, CLOUD_UID, OCGetServerInstanceIDString(), CLOUD_ACCESS_TOKEN, CloudLoginoutCallback);
-- 
2.7.4