From 0e7a6577b3ad71cd88d9fb04a8cb4fc60c5d173a Mon Sep 17 00:00:00 2001
From: Milind Ramesh Murhekar
Date: Mon, 17 Jul 2017 17:01:08 +0530
Subject: [PATCH] Use read() instead of scanf for string inputs in test-app
Description: This patch uses read() instead of scanf for SSID, passphrase and WPS PIN inputs. should use read() for buffer overflow protection, to take control over the user input string.
Change-Id: I22313a145921ef1023f7ef8d40f94aa305fe8867
Signed-off-by: Milind Ramesh Murhekar
---
 test/tethering_test.c | 46 +++++++++++++++++++++++++++++++++-------------
 1 file changed, 33 insertions(+), 13 deletions(-)
diff --git a/test/tethering_test.c b/test/tethering_test.c
index a6d00f6..03c85bb 100755
--- a/test/tethering_test.c
+++ b/test/tethering_test.c
@@ -90,6 +90,25 @@ static bool __is_err(tethering_error_e ret)
 return true;
 }
+static bool test_get_user_string(const char *msg, char *buf, int buf_size)
+{
+ if (msg == NULL || buf == NULL || buf_size < 2)
+ return false;
+
+ int rv;
+ printf("%s\n", msg);
+ memset(buf, 0, buf_size);
+ rv = read(0, buf, buf_size - 1);
+
+ if (rv < 0 || buf[0] == '\0' || buf[0] == '\n' || buf[0] == '\r') {
+ buf[0] = '\0';
+ return false;
+ }
+
+ buf[rv-1] = '\0';
+ return true;
+}
+
 static const char *__convert_tethering_type_to_str(const tethering_type_e type)
 {
 static char str_buf[COMMON_STR_BUF_LEN] = {0, };
@@ -776,12 +795,11 @@ static int test_tethering_wifi_get_setting(void)
 static int test_tethering_wifi_set_ssid(void)
 {
 int ret;
- char ssid[100];
+ char ssid[100] = {0, };
- printf("Input SSID for Wi-Fi tethering: ");
- ret = scanf("%99s", ssid);
- if (ret < 0) {
- printf("scanf is failed!!\n");
+ if (test_get_user_string("Input SSID for Wi-Fi tethering:",
+ ssid, 100) == false) {
+ printf("Failed to read user input!!\n");
 return -1;
 }
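Review bot: In test_get_user_string(), `buf[rv-1] = '\0';` overwrites the last byte read without checking that it is the newline. When the typed line is buf_size - 1 bytes or longer, or the input ends without a newline, that byte is a real character: the string is silently shortened and the rest of the line stays queued on fd 0, where the next prompt will read it as its answer. For the passphrase and WPS PIN callers this means the value configured can differ from the value typed, with no error shown. I would accept the input only when a newline is found inside the bytes read, and otherwise discard the remainder of the line and return false; the sketch below also trims a CR that precedes the newline.

```c
	rv = read(0, buf, buf_size - 1);
	/* … unchanged: rv < 0 / empty-input check, after which rv >= 1 … */

	char *eol = memchr(buf, '\n', (size_t)rv);
	if (eol == NULL) {
		/* Line did not fit, or ended without a newline: drop the rest and fail. */
		char c;
		while (read(0, &c, 1) == 1 && c != '\n')
			;
		buf[0] = '\0';
		return false;
	}
	if (eol > buf && eol[-1] == '\r')
		eol--;
	*eol = '\0';
	return true;
```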
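Review bot: The buffer length is repeated as a literal in the call, `ssid, 100) == false) {`, so the array size and the bound handed to test_get_user_string() can drift apart if only one of them is edited; `ssid, sizeof(ssid)) == false) {` keeps them tied. The same applies to `passphrase, 100` and `wps_pin, 128` in the two later hunks. The helper also reads up to the newline, so an SSID containing spaces is now passed through where `%99s` stopped at the first blank; whether tethering_wifi_set_ssid() bounds the length cannot be seen here, since the function body continues past the end of the hunk.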
@@ -839,12 +857,11 @@ int test_tethering_wifi_set_visibility(void)
 static int test_tethering_wifi_set_passphrase(void)
 {
 int ret;
- char passphrase[100];
+ char passphrase[100] = {0, };
- printf("Input passphrase for Wi-Fi tethering: ");
- ret = scanf("%99s", passphrase);
- if (ret < 0) {
- printf("scanf is failed!!\n");
+ if (test_get_user_string("Input passphrase for Wi-Fi tethering:",
+ passphrase, 100) == false) {
+ printf("Failed to read user input!!\n");
 return -1;
 }
@@ -1322,10 +1339,13 @@ static int test_tethering_wifi_push_wps_button(void)
 static int test_tethering_wifi_set_wps_pin(void)
 {
 int ret = 0;
- char wps_pin[128];
+ char wps_pin[128] = {0, };
- printf("Input WPS PIN: ");
- ret = scanf("%127s", wps_pin);
+ if (test_get_user_string("Input WPS PIN: ",
+ wps_pin, 128) == false) {
+ printf("Failed to read user input!!\n");
+ return -1;
+ }
 ret = tethering_wifi_set_wps_pin(th, wps_pin);
 if (__is_err(ret) == true) {
--
2.7.4
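Review bot: The prompt literal in test_tethering_wifi_set_wps_pin() still ends in a space, `"Input WPS PIN: "`, although test_get_user_string() prints the message followed by a newline, so the space is now trailing whitespace and differs from the other two prompts; `"Input WPS PIN:"` would match them. The helper accepts any bytes up to the newline, so whether a non-numeric or wrong-length PIN is rejected depends on tethering_wifi_set_wps_pin(), which is not visible in this hunk. The function body continues past the end of the hunk.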