From e0f39cdf5918bc48328eb8e6493909f5ac48c600 Mon Sep 17 00:00:00 2001
From: Wootak Jung <wootak.jung@samsung.com>
Date: Fri, 31 Mar 2017 13:35:25 +0900
Subject: [PATCH] Fix to use strtok_r() instead of strtok()

- strtok() makes no guarantee of thread safety.

Change-Id: Iaca09badc70a2114325a9e43b2a623c313000bf3
---
 packaging/libtcore.spec  |  2 +-
 src/core_object/co_sat.c |  4 ++--
 src/util.c               | 36 ++++++++++++++++++++++--------------
 3 files changed, 25 insertions(+), 17 deletions(-)

diff --git a/packaging/libtcore.spec b/packaging/libtcore.spec
index 47b02d3..f07718d 100644
--- a/packaging/libtcore.spec
+++ b/packaging/libtcore.spec
@@ -1,6 +1,6 @@
 %define major 0
 %define minor 3
-%define patchlevel 15
+%define patchlevel 16
 
 Name:           libtcore
 Version:        %{major}.%{minor}.%{patchlevel}
diff --git a/src/core_object/co_sat.c b/src/core_object/co_sat.c
index f35a850..7ac0a3a 100644
--- a/src/core_object/co_sat.c
+++ b/src/core_object/co_sat.c
@@ -1137,7 +1137,7 @@ static enum tcore_sat_result _sat_decode_ss_string_tlv(unsigned char *tlv_str, i
 	_sat_decode_ton_npi(src_data[temp_index++], &ss_str_obj->ton, &ss_str_obj->npi);
 	str_ascii = tcore_util_convert_bcd2ascii((const char *)&src_data[temp_index], ss_len-1, SAT_SS_STRING_LEN_MAX);
 	if (str_ascii) {
-		memcpy(ss_str_obj->ss_string, str_ascii, strlen(str_ascii));
+		snprintf(ss_str_obj->ss_string, strlen(str_ascii) + 1, "%s", str_ascii);
 		ss_str_obj->string_len = strlen(str_ascii);
 		g_free(str_ascii);
 	}
@@ -2340,7 +2340,7 @@ static enum tcore_sat_result _sat_decode_other_address_tlv(unsigned char *tlv_st
 
 	/* address */
 	if (address) {
-		memcpy(other_address_obj->address, address, strlen(address));
+		snprintf(other_address_obj->address, strlen(address) + 1, "%s", address);
 		other_address_obj->address_len = strlen(address);
 
 		g_free(address);
diff --git a/src/util.c b/src/util.c
index 7ce3e57..fbc17b8 100644
--- a/src/util.c
+++ b/src/util.c
@@ -2165,22 +2165,26 @@ gboolean tcore_util_is_country_NA(char *plmn)
 gboolean tcore_util_convert_ipv4_secure_log(gchar *input, gchar *output, int output_len)
 {
 	gchar buf[MAX_BUF_SIZE] = {0,};
-	gchar * pch = NULL;
+	gchar *pch = NULL;
 	int count = 0;
+	char *ptr;
 
-	pch = strtok(input, ".");
-	while (pch != NULL)
-	{
+	if (!input)
+		return FALSE;
+
+	pch = strtok_r(input, ".", &ptr);
+	while (pch != NULL) {
 		if (count % 2) {
 			int i = 0;
 			int len = strlen(pch);
-			for (i = 0; i < len;i++)
+			for (i = 0; i < len; i++)
 				g_strlcat(buf, "x", MAX_BUF_SIZE);
 		}
 		else
 			g_strlcat(buf, pch, MAX_BUF_SIZE);
-		pch = strtok(NULL, ".");
-		if(pch)
+
+		pch = strtok_r(NULL, ".", &ptr);
+		if (pch)
 			g_strlcat(buf, ".", MAX_BUF_SIZE);
 		count++;
 	}
@@ -2192,22 +2196,26 @@ gboolean tcore_util_convert_ipv4_secure_log(gchar *input, gchar *output, int out
 gboolean tcore_util_convert_ipv6_secure_log(gchar *input, gchar *output, int output_len)
 {
 	gchar buf[MAX_BUF_SIZE] = {0,};
-	gchar * pch = NULL;
+	gchar *pch = NULL;
 	int count = 0;
+	char *ptr;
 
-	pch = strtok(input, ":");
-	while (pch != NULL)
-	{
+	if (!input)
+		return FALSE;
+
+	pch = strtok_r(input, ":", &ptr);
+	while (pch != NULL) {
 		if (count % 2) {
 			int i = 0;
 			int len = strlen(pch);
-			for (i = 0; i < len;i++)
+			for (i = 0; i < len; i++)
 				g_strlcat(buf, "x", MAX_BUF_SIZE);
 		}
 		else
 			g_strlcat(buf, pch, MAX_BUF_SIZE);
-		pch = strtok(NULL, ":");
-		if(pch)
+
+		pch = strtok_r(NULL, ":", &ptr);
+		if (pch)
 			g_strlcat(buf, ":", MAX_BUF_SIZE);
 		count++;
 	}
-- 
2.7.4