From 8a4a3433130a9c1002de718599df2a521e3c8094 Mon Sep 17 00:00:00 2001 From: Semun Lee Date: Fri, 3 Jan 2020 13:14:39 +0900 Subject: [PATCH] Fix string buffer size related warnings This is for fixing build error with gcc 9 Change-Id: Ia4c6865d7cc5579663a2bc8acf6c8f8af809f15a Signed-off-by: Semun Lee --- include/ciss-types.h | 2 +- src/ciss-parser.c | 29 ++++++++++++------ src/ciss-resp.c | 86 ++++++++++++++++++++++++++++------------------------ src/ciss-util.c | 5 +-- 4 files changed, 70 insertions(+), 52 deletions(-) diff --git a/include/ciss-types.h b/include/ciss-types.h index 38873e8..69ee498 100644 --- a/include/ciss-types.h +++ b/include/ciss-types.h @@ -36,7 +36,7 @@ #define MAX_SC_LEN 3 /**< Maximum length of service code */ #define ENCODE_TYPE_GSM 0x0F /**< the value of the GSM encoding fromat for ussd */ #define CISS_MMI_MAX_USSD_RESP_STRING 300 -#define CISS_MMI_MAX_SS_RESP_STRING 1664 +#define CISS_MMI_MAX_SS_RESP_STRING (1664 + 384) /**< tags can be added to the resp string. so size need to be larger than 1664 */ #define POPUP_DISPLAY_DURATION 70.0 #define TAPI_EVENT_SS_USSD_IND 100 #define TAPI_EVENT_SS_USSD_RESP 101 diff --git a/src/ciss-parser.c b/src/ciss-parser.c index 9495915..a124ea3 100644 --- a/src/ciss-parser.c +++ b/src/ciss-parser.c @@ -191,7 +191,8 @@ static unsigned char __ciss_parse_mmi_string(ciss_mmi_context_t *mmi_ctx, int *e DBG("\n [CISS-ENGINE] sia = %s, sib = %s, sic = %s", sia, sib, sic); } - strncpy(mmi_ctx->ss_code, ss_code, MAX_SC_LEN); + strncpy(mmi_ctx->ss_code, ss_code, MAX_SC_LEN + 1); + mmi_ctx->ss_code[MAX_SC_LEN] = '\0'; if ((ss_operation != registerPassword) && (ss_operation != NULL_SS_OPERATION)) { if (!_ciss_convert_sc_to_tapi_flavor(ss_code, &tapi_flavor, &ss_type)) { 
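Review bot: The new value `(1664 + 384)` for CISS_MMI_MAX_SS_RESP_STRING in include/ciss-types.h cannot be checked by a reader, because the trailing comment says tags are added but not how many or how long. This macro is also the bound used by the new strncat calls in src/ciss-resp.c, so an undersized value now shows up as silent truncation of the response text. I would record the derivation in the comment, for example `/**< 1664 payload bytes + 384 bytes reserved for inserted tags (state how 384 is computed) */`.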
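Review bot: The added write to `mmi_ctx->ss_code[MAX_SC_LEN]` is in bounds only if the field is declared with at least MAX_SC_LEN + 1 bytes, and that declaration is not part of this hunk. If ss_code is an array member, tying the bound to the object removes the assumption: `snprintf(mmi_ctx->ss_code, sizeof(mmi_ctx->ss_code), "%s", ss_code);`. The same macro-plus-one pattern is used for forward_number and the three password fields in the later hunks of this file, so the same check applies there. __ciss_parse_mmi_string starts and ends outside the hunk.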
@@ -206,12 +207,14 @@ static unsigned char __ciss_parse_mmi_string(ciss_mmi_context_t *mmi_ctx, int *e if ((ss_operation != registerPassword) && ((ss_type == CISS_SERVICE_FORWARDING) || (ss_type == CISS_SERVICE_BARRING))) { - strncpy(bsg, sib, MAX_SIB_LEN); + strncpy(bsg, sib, MAX_SIA_LEN + 1); + bsg[MAX_SIA_LEN] = '\0'; } else if (ss_type == CISS_SERVICE_WAITING) { if ((sib[0] != 0) || (sic[0] != 0)) { ss_operation = NULL_SS_OPERATION; } else { strncpy(bsg, sia, MAX_SIA_LEN); + bsg[MAX_SIA_LEN] = '\0'; } } else { bsg[0] = '\0'; @@ -230,8 +233,8 @@ static unsigned char __ciss_parse_mmi_string(ciss_mmi_context_t *mmi_ctx, int *e if (ss_operation != NULL_SS_OPERATION) { if (ss_type == CISS_SERVICE_FORWARDING) { if (sia[0] != '\0') { - strncpy(mmi_ctx->forward_number, sia, strlen(sia)); - mmi_ctx->forward_number[strlen(sia)] = '\0'; + strncpy(mmi_ctx->forward_number, sia, CISS_NUMBER_LEN_MAX + 1); + mmi_ctx->forward_number[CISS_NUMBER_LEN_MAX] = '\0'; } } } 
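Review bot: The copy from sib into bsg changes its bound from MAX_SIB_LEN to MAX_SIA_LEN + 1, and both branches now store a terminator at `bsg[MAX_SIA_LEN]`. If bsg is sized from MAX_SIB_LEN and that is smaller than MAX_SIA_LEN, these become out-of-bounds writes. The declaration of bsg is outside the hunk, so its size needs confirming against MAX_SIA_LEN + 1. If bsg is a local array, `snprintf(bsg, sizeof(bsg), "%s", sib);` (and the same with sia in the CISS_SERVICE_WAITING branch) keeps the bound tied to the buffer instead of to a macro for a different field.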
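Review bot: An over-long sia is now silently cut to CISS_NUMBER_LEN_MAX characters and stored in `mmi_ctx->forward_number`, so the forwarding request would carry a different number from the one that was entered. I would reject the input rather than truncate it, for example `if (strlen(sia) > CISS_NUMBER_LEN_MAX) ss_operation = NULL_SS_OPERATION;` before the copy, mirroring how the CISS_SERVICE_WAITING branch marks invalid input. The password copies in the next hunk truncate in the same way. Whether sia is already length-limited earlier in the function cannot be seen from this hunk.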
@@ -296,16 +299,22 @@ static unsigned char __ciss_parse_mmi_string(ciss_mmi_context_t *mmi_ctx, int *e memset(mmi_ctx->ss_password, '\0', CISS_MAX_PASSWORD_LEN + 1); memset(mmi_ctx->ss_new_password, '\0', CISS_MAX_PASSWORD_LEN + 1); memset(mmi_ctx->ss_new_password2, '\0', CISS_MAX_PASSWORD_LEN + 1); - strncpy(mmi_ctx->ss_password, sia, CISS_MAX_PASSWORD_LEN); - strncpy(mmi_ctx->ss_new_password, sib, CISS_MAX_PASSWORD_LEN); - strncpy(mmi_ctx->ss_new_password2, sic, CISS_MAX_PASSWORD_LEN); + strncpy(mmi_ctx->ss_password, sia, CISS_MAX_PASSWORD_LEN + 1); + mmi_ctx->ss_password[CISS_MAX_PASSWORD_LEN] = '\0'; + strncpy(mmi_ctx->ss_new_password, sib, CISS_MAX_PASSWORD_LEN + 1); + mmi_ctx->ss_new_password[CISS_MAX_PASSWORD_LEN] = '\0'; + strncpy(mmi_ctx->ss_new_password2, sic, CISS_MAX_PASSWORD_LEN + 1); + mmi_ctx->ss_new_password2[CISS_MAX_PASSWORD_LEN] = '\0'; } else { memset(mmi_ctx->ss_password, '\0', CISS_MAX_PASSWORD_LEN + 1); memset(mmi_ctx->ss_new_password, '\0', CISS_MAX_PASSWORD_LEN + 1); memset(mmi_ctx->ss_new_password2, '\0', CISS_MAX_PASSWORD_LEN + 1); - strncpy(mmi_ctx->ss_password, sia, CISS_MAX_PASSWORD_LEN); - strncpy(mmi_ctx->ss_new_password, sib, CISS_MAX_PASSWORD_LEN); - strncpy(mmi_ctx->ss_new_password2, sic, CISS_MAX_PASSWORD_LEN); + strncpy(mmi_ctx->ss_password, sia, CISS_MAX_PASSWORD_LEN + 1); + mmi_ctx->ss_password[CISS_MAX_PASSWORD_LEN] = '\0'; + strncpy(mmi_ctx->ss_new_password, sib, CISS_MAX_PASSWORD_LEN + 1); + mmi_ctx->ss_new_password[CISS_MAX_PASSWORD_LEN] = '\0'; + strncpy(mmi_ctx->ss_new_password2, sic, CISS_MAX_PASSWORD_LEN + 1); + mmi_ctx->ss_new_password2[CISS_MAX_PASSWORD_LEN] = '\0'; } } diff --git a/src/ciss-resp.c b/src/ciss-resp.c index 8fbfa61..112537c 100644 --- a/src/ciss-resp.c +++ b/src/ciss-resp.c 
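Review bot: The visible tail of the if branch and the whole else branch are now twelve identical statements (three memset calls, three strncpy calls and three terminator stores each), which makes it easy to fix one side and miss the other. The three memset calls are also redundant with the new form, because strncpy with a bound of CISS_MAX_PASSWORD_LEN + 1 zero-pads the destination and the terminator is stored explicitly. I would move the sequence into a small static helper or hoist it out of the conditional. The condition and the start of the if branch are outside the hunk, so confirm nothing else differs between the branches first.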
@@ -322,6 +322,7 @@ static void __ciss_ui_mmi_create_cnap_result_string(ciss_result_t *result, char static void __ciss_ui_mmi_create_mmi_result_string(ciss_result_t *pSSResult, int index, char *result_string) { DBG("Enter"); + int ret; char mszBuffer[CISS_TEXT_LEN_MAX*5]; char szBuffer[CISS_TEXT_LEN_MAX]; char service[CISS_TEXT_LEN_MAX]; @@ -336,13 +337,15 @@ static void __ciss_ui_mmi_create_mmi_result_string(ciss_result_t *pSSResult, int _ciss_ui_mmi_get_result_status_type(pSSResult->szSsType, pSSResult->szResult[index], status); //strncpy(mszBuffer, service, CISS_TEXT_LEN_MAX - 1); - snprintf(mszBuffer, CISS_TEXT_LEN_MAX, "


%s", service); + ret = snprintf(mszBuffer, CISS_TEXT_LEN_MAX, "


%s", service); + if (ret >= CISS_TEXT_LEN_MAX) + ERR("mszBuffer is truncated"); mszBuffer[CISS_TEXT_LEN_MAX - 1] = '\0'; if (strlen(teleservice)) { - strncat(mszBuffer, "
", strlen("
")); - strncat(mszBuffer, " -", strlen(" -")); - strncat(mszBuffer, teleservice, strlen(teleservice)); + strncat(mszBuffer, "
", sizeof(mszBuffer) - strlen(mszBuffer) - 1); + strncat(mszBuffer, " -", sizeof(mszBuffer) - strlen(mszBuffer) - 1); + strncat(mszBuffer, teleservice, sizeof(mszBuffer) - strlen(mszBuffer) - 1); } DBG("create_result_string: Label Text(telecommSvc) = %d\n", pSSResult->szBearer[index]); @@ -350,7 +353,9 @@ static void __ciss_ui_mmi_create_mmi_result_string(ciss_result_t *pSSResult, int if ((strcmp(flavor, CISS_STR_CALL_FORWARDING_ACTIVE_C_WHEN_NOREPLY) == 0) && (pSSResult->nForwardWaitingTime[index] != 0)) { text = g_strdup_printf("%s %d",CISS_STR_PD_SECONDS, pSSResult->nForwardWaitingTime[index]); - snprintf(szBuffer, CISS_TEXT_LEN_MAX, "%s %s", flavor, text); + ret = snprintf(szBuffer, CISS_TEXT_LEN_MAX, "%s %s", flavor, text); + if (ret >= CISS_TEXT_LEN_MAX) + ERR("szBuffer is truncated"); free(text); } else { strncpy(szBuffer, flavor, CISS_TEXT_LEN_MAX - 1); @@ -358,43 +363,45 @@ static void __ciss_ui_mmi_create_mmi_result_string(ciss_result_t *pSSResult, int } if (strlen(flavor) > 1) { - strncat(mszBuffer, "
", strlen("
")); - strncat(mszBuffer, " -", strlen(" -")); - strncat(mszBuffer, szBuffer, strlen(szBuffer)); + strncat(mszBuffer, "
", sizeof(mszBuffer) - strlen(mszBuffer) - 1); + strncat(mszBuffer, " -", sizeof(mszBuffer) - strlen(mszBuffer) - 1); + strncat(mszBuffer, szBuffer, sizeof(mszBuffer) - strlen(mszBuffer) - 1); } DBG("\n [CISS-MMI] create_result_string: Label Text(flavor) = %s\n", flavor); - strncat(mszBuffer, "
", strlen("
")); - strncat(mszBuffer, " -", strlen(" -")); - strncat(mszBuffer, status, strlen(status)); + strncat(mszBuffer, "
", sizeof(mszBuffer) - strlen(mszBuffer) - 1); + strncat(mszBuffer, " -", sizeof(mszBuffer) - strlen(mszBuffer) - 1); + strncat(mszBuffer, status, sizeof(mszBuffer) - strlen(mszBuffer) - 1); if (strlen(pSSResult->szForwardedToNumber[index]) && (strcmp(status, CISS_STR_ACTIVATED) == 0)) { DBG("\n [CISS-MMI] create_result_string: Forwarded to number = %s\n", pSSResult->szForwardedToNumber[index]); - strncat(mszBuffer, "
", strlen("
")); - strncat(mszBuffer, " ", strlen(" ")); - strncat(mszBuffer, pSSResult->szForwardedToNumber[index], strlen(pSSResult->szForwardedToNumber[index])); + strncat(mszBuffer, "
", sizeof(mszBuffer) - strlen(mszBuffer) - 1); + strncat(mszBuffer, " ", sizeof(mszBuffer) - strlen(mszBuffer) - 1); + strncat(mszBuffer, pSSResult->szForwardedToNumber[index], sizeof(mszBuffer) - strlen(mszBuffer) - 1); } else { DBG("\n [CISS-MMI] create_result_string: Forwarded to number is not need"); } } else if (pSSResult->szSsType == CISS_SERVICE_BARRING) { if (strlen(flavor) > 1) { - strncat(mszBuffer, "
", strlen("
")); - strncat(mszBuffer, " -", strlen(" -")); - strncat(mszBuffer, flavor, strlen(flavor)); + strncat(mszBuffer, "
", sizeof(mszBuffer) - strlen(mszBuffer) - 1); + strncat(mszBuffer, " -", sizeof(mszBuffer) - strlen(mszBuffer) - 1); + strncat(mszBuffer, flavor, sizeof(mszBuffer) - strlen(mszBuffer) - 1); } - strncat(mszBuffer, "
", strlen("
")); - strncat(mszBuffer, " -", strlen(" -")); - strncat(mszBuffer, status, strlen(status)); + strncat(mszBuffer, "
", sizeof(mszBuffer) - strlen(mszBuffer) - 1); + strncat(mszBuffer, " -", sizeof(mszBuffer) - strlen(mszBuffer) - 1); + strncat(mszBuffer, status, sizeof(mszBuffer) - strlen(mszBuffer) - 1); } else if (pSSResult->szSsType == CISS_SERVICE_WAITING) { - strncat(mszBuffer, "
", strlen("
")); - strncat(mszBuffer, " -", strlen("< ->")); - strncat(mszBuffer, status, strlen(status)); + strncat(mszBuffer, "
", sizeof(mszBuffer) - strlen(mszBuffer) - 1); + strncat(mszBuffer, " -", sizeof(mszBuffer) - strlen(mszBuffer) - 1); + strncat(mszBuffer, status, sizeof(mszBuffer) - strlen(mszBuffer) - 1); } - strncpy(result_string, mszBuffer, CISS_USSD_DATA_SIZE_MAX - 1); + ret = snprintf(result_string, CISS_USSD_DATA_SIZE_MAX, "%s", mszBuffer); + if (ret >= CISS_USSD_DATA_SIZE_MAX) + ERR("result_string is truncated"); DBG("Result String:%s\n", result_string); DBG("Leave"); @@ -516,24 +523,25 @@ static int __ciss_create_ss_result_string(char *ss_result_string /*out */, ciss_ DBG("\n [CISS-MMI] result.nRecordNum == 0 \n"); if (ciss_result->szSsType == CISS_SERVICE_FORWARDING) { - strncpy(resultstring[0], "Call Forwarding Data is Erased", CISS_TEXT_LEN_MAX - 1); - strncat(ss_result_string, "
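Review bot: The final `snprintf(result_string, CISS_USSD_DATA_SIZE_MAX, "%s", mszBuffer)` bounds the write by a macro, but result_string is a bare `char *` parameter whose real size is set by the caller, which is not in this hunk. mszBuffer can hold up to CISS_TEXT_LEN_MAX*5 - 1 characters, so this can still write past the end if the caller passes something smaller, for example a row of resultstring, which __ciss_create_ss_result_string fills with CISS_TEXT_LEN_MAX-based bounds. I would confirm the caller's buffer is CISS_USSD_DATA_SIZE_MAX bytes, or pass the destination size in as a parameter. A negative snprintf return is also not covered by `ret >= CISS_USSD_DATA_SIZE_MAX`.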
", strlen("
")); - strncat(ss_result_string, resultstring[0], strlen(resultstring[0])); - strncat(ss_result_string, "
", strlen("
")); + strncpy(resultstring[0], "Call Forwarding Data is Erased", CISS_TEXT_LEN_MAX); + resultstring[0][CISS_TEXT_LEN_MAX] = '\0'; + strncat(ss_result_string, "
", CISS_MMI_MAX_SS_RESP_STRING - strlen(ss_result_string) - 1); + strncat(ss_result_string, resultstring[0], CISS_MMI_MAX_SS_RESP_STRING - strlen(ss_result_string) - 1); + strncat(ss_result_string, "
", CISS_MMI_MAX_SS_RESP_STRING - strlen(ss_result_string) - 1); } else if (ciss_result->szSsType == CISS_SERVICE_CHANGE_BARRING_PASSWD) { strncpy(resultstring[0], CISS_STR_PASSWORD_CHANGE, CISS_TEXT_LEN_MAX - 1); - strncat(ss_result_string, "
", strlen("
")); - strncat(ss_result_string, resultstring[0], strlen(resultstring[0])); - strncat(ss_result_string, "
", strlen("
")); + strncat(ss_result_string, "
", CISS_MMI_MAX_SS_RESP_STRING - strlen(ss_result_string) - 1); + strncat(ss_result_string, resultstring[0], CISS_MMI_MAX_SS_RESP_STRING - strlen(ss_result_string) - 1); + strncat(ss_result_string, "
", CISS_MMI_MAX_SS_RESP_STRING - strlen(ss_result_string) - 1); strncpy(resultstring[0], CISS_STR_REGISTRATION_SUCCESS, CISS_TEXT_LEN_MAX - 1); - strncat(ss_result_string, resultstring[0], strlen(resultstring[0])); - strncat(ss_result_string, "
", strlen("
")); + strncat(ss_result_string, resultstring[0], CISS_MMI_MAX_SS_RESP_STRING - strlen(ss_result_string) - 1); + strncat(ss_result_string, "
", CISS_MMI_MAX_SS_RESP_STRING - strlen(ss_result_string) - 1); } else { strncpy(resultstring[0], CISS_STR_SUCCESS, CISS_TEXT_LEN_MAX - 1); - strncat(ss_result_string, "
", strlen("
")); - strncat(ss_result_string, resultstring[0], strlen(resultstring[0])); - strncat(ss_result_string, "
", strlen("
")); + strncat(ss_result_string, "
", CISS_MMI_MAX_SS_RESP_STRING - strlen(ss_result_string) - 1); + strncat(ss_result_string, resultstring[0], CISS_MMI_MAX_SS_RESP_STRING - strlen(ss_result_string) - 1); + strncat(ss_result_string, "
", CISS_MMI_MAX_SS_RESP_STRING - strlen(ss_result_string) - 1); } } else { int g_count = 0; @@ -544,9 +552,9 @@ static int __ciss_create_ss_result_string(char *ss_result_string /*out */, ciss_ } for (count = 0; count < ciss_result->nRecordNum; count++) { - strncat(ss_result_string, "
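Review bot: In the CISS_SERVICE_FORWARDING branch the new terminator is stored at `resultstring[0][CISS_TEXT_LEN_MAX]`, while the other two branches of this hunk still copy into the same row with a bound of CISS_TEXT_LEN_MAX - 1. If the row is CISS_TEXT_LEN_MAX bytes, which those bounds suggest, this writes one byte past its end. The declaration of resultstring is outside the hunk; if that size is confirmed, the lines should read `strncpy(resultstring[0], "Call Forwarding Data is Erased", CISS_TEXT_LEN_MAX - 1);` and `resultstring[0][CISS_TEXT_LEN_MAX - 1] = '\0';`. The other two branches rely on the row already being zero-filled for termination, which is also not visible here.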
", strlen("
")); - strncat(ss_result_string, resultstring[count], strlen(resultstring[count])); - strncat(ss_result_string, "
", strlen("
")); + strncat(ss_result_string, "
", CISS_MMI_MAX_SS_RESP_STRING - strlen(ss_result_string) - 1); + strncat(ss_result_string, resultstring[count], CISS_MMI_MAX_SS_RESP_STRING - strlen(ss_result_string) - 1); + strncat(ss_result_string, "
", CISS_MMI_MAX_SS_RESP_STRING - strlen(ss_result_string) - 1); } DBG("Final Result string : %s ", ss_result_string); DBG("Leave"); diff --git a/src/ciss-util.c b/src/ciss-util.c index 7bb0eec..56040d6 100644 --- a/src/ciss-util.c +++ b/src/ciss-util.c @@ -29,8 +29,8 @@ char *_ciss_strcpy(char *pBuffer, int nBufCount, const char *pszString) memset(pBuffer, 0, nBufCount*sizeof(char)); if ((nBufCount - 1) >= (int)strlen(pszString)) { - strncpy(pBuffer, pszString, (int)strlen(pszString)); - pBuffer[(int)strlen(pszString)] = '\0'; + strncpy(pBuffer, pszString, nBufCount); + pBuffer[nBufCount - 1] = '\0'; } else { DBG("\n [CISS-ENGINE] _ciss_strcpy:short of buffer..BufCount=%d, strlen=%zu, str=%s\n", nBufCount, strlen(pszString), pszString); strncpy(pBuffer, pszString, (nBufCount - 1)); @@ -295,6 +295,7 @@ unsigned int _ciss_util_get_mcc(void) /*First 3 digits of plmn value constitutes the mcc value */ strncpy(mcc_value, plmn_string, 3); + mcc_value[3] = '\0'; mcc = (unsigned int)atoi(mcc_value); } else { ERR("vconf_get_int failed..[%d]", ret); -- 2.7.4
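Review bot: In _ciss_strcpy, nBufCount is a signed int that is converted to size_t in the memset and in both strncpy calls, so a zero or negative value becomes a huge length (the else branch passes `nBufCount - 1`). Unless a check before this hunk already rejects it, a guard such as `if (pBuffer == NULL || pszString == NULL || nBufCount <= 0) return pBuffer;` at the top would close that. After this change both branches perform the same bounded, terminated copy, so the body could be reduced to one `snprintf(pBuffer, nBufCount, "%s", pszString)` with the DBG kept for the truncation case. The start and end of the function are outside the hunk.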
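Review bot: The added `mcc_value[3] = '\0';` in _ciss_util_get_mcc is valid only if mcc_value is declared with at least four bytes, and that declaration is outside the hunk. The buffer is then parsed with atoi, which returns 0 for non-numeric input without reporting an error, so a malformed plmn_string is indistinguishable from an MCC of 0. I would parse with `mcc = (unsigned int)strtoul(mcc_value, &end, 10);` and take the existing ERR path when `end == mcc_value` or `*end != '\0'`.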