From 4ac21f065674dd7c1b11a0918953fc552ec9a924 Mon Sep 17 00:00:00 2001 From: Kyungwook Tak Date: Wed, 2 Mar 2016 20:45:52 +0900 Subject: [PATCH] Use snprintf instead of sprintf to be safe Change-Id: I664d9f039b09b576c4ebe84c29d8a7c459bc1384 Signed-off-by: Kyungwook Tak --- srcs/key_handler.c | 23 ++++++++++++++++++----- srcs/key_handler.h | 2 +- tests/wae_tests.c | 6 +++--- 3 files changed, 22 insertions(+), 9 deletions(-) diff --git a/srcs/key_handler.c b/srcs/key_handler.c index 7c986c0..7b050d6 100644 --- a/srcs/key_handler.c +++ b/srcs/key_handler.c @@ -231,9 +231,16 @@ error: } -int _get_preloaded_app_dek_file_path(const char* pPkgId, char *path) +int _get_preloaded_app_dek_file_path(const char* pPkgId, size_t size, char *path) { - sprintf(path, "%s/%s_%s.adek", _get_dek_store_path(), APP_DEK_FILE_PFX, pPkgId); + int ret = -1; + + ret = snprintf(path, size, "%s/%s_%s.adek", + _get_dek_store_path(), APP_DEK_FILE_PFX, pPkgId); + + if (ret < 0) + return WAE_ERROR_INVALID_PARAMETER; /* buffer size too small */ + return WAE_ERROR_NONE; } @@ -258,14 +265,14 @@ int _extract_pkg_id_from_file_name(const char* fileName, char* pkgId) int _read_encrypted_app_dek_from_file(const char* pPkgId, unsigned char** encrypted_app_dek, size_t *len) { char path[MAX_PATH_LEN] = {0,}; - _get_preloaded_app_dek_file_path(pPkgId, path); + _get_preloaded_app_dek_file_path(pPkgId, sizeof(path), path); return _read_from_file(path, encrypted_app_dek, len); } int _write_encrypted_app_dek_to_file(const char* pPkgId, const unsigned char* encrypted_app_dek, size_t len) { char path[MAX_PATH_LEN] = {0,}; - _get_preloaded_app_dek_file_path(pPkgId, path); + _get_preloaded_app_dek_file_path(pPkgId, sizeof(path), path); return _write_to_file( path, encrypted_app_dek, len); } 
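Review bot: The `if (ret < 0)` check in `_get_preloaded_app_dek_file_path` does not detect a buffer that is too small, despite its comment: snprintf reports truncation by returning a value greater than or equal to the size it was given, and a negative return only signals an output error. A truncated path is therefore returned with WAE_ERROR_NONE and would later be used to read or write an encrypted DEK file under a different name than intended. The check should be `if (ret < 0 || (size_t)ret >= size) return WAE_ERROR_INVALID_PARAMETER;`, and the same correction applies to the `if(ret < 0)` after the snprintf into `file_path_buff` in the `load_preloaded_app_deks` hunk. pPkgId is also formatted into the path with no validation visible in this hunk; if it can come from package metadata, rejecting `/` and `..` here would keep the result inside the DEK store directory.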
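Review bot: `_read_encrypted_app_dek_from_file` and `_write_encrypted_app_dek_to_file` still discard the return value of `_get_preloaded_app_dek_file_path`, so the new error return never stops them from calling `_read_from_file` / `_write_to_file` with whatever is in `path`. Both callers should propagate it: `int ret = _get_preloaded_app_dek_file_path(pPkgId, sizeof(path), path);` followed by `if (ret != WAE_ERROR_NONE) return ret;`. Without that, the bounds check added by this commit has no effect on the two places that actually open the DEK file.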
@@ -683,7 +690,13 @@ int load_preloaded_app_deks(int reload) // regular file && start with KEY_MANAGER_INITIAL_VALUE_FILE_PFX if(entry.d_type == DT_REG && strstr(entry.d_name, APP_DEK_FILE_PFX) != NULL) { memset(file_path_buff, 0, sizeof(file_path_buff)); - sprintf(file_path_buff, "%s/%s", _get_dek_store_path(), entry.d_name); + ret = snprintf(file_path_buff, sizeof(file_path_buff), "%s/%s", + _get_dek_store_path(), entry.d_name); + if(ret < 0) { + WAE_SLOGE("Failed to make file path by snprintf."); + ret = WAE_ERROR_INVALID_PARAMETER; /* buffer size too small */ + goto error; + } ret = _extract_pkg_id_from_file_name(entry.d_name, pkgId); if(ret != WAE_ERROR_NONE) { diff --git a/srcs/key_handler.h b/srcs/key_handler.h index 03de1ab..a417fdd 100644 --- a/srcs/key_handler.h +++ b/srcs/key_handler.h @@ -61,7 +61,7 @@ const char* _get_dek_kek_pub_key_path(); const char* _get_dek_kek_pri_key_path(); const char* _get_dek_store_path(); int _add_dek_to_key_manager(const char* pPkgId, wae_app_type_e appType, const unsigned char* pDek, size_t len); -int _get_preloaded_app_dek_file_path(const char* pPkgId, char *path); +int _get_preloaded_app_dek_file_path(const char* pPkgId, size_t size, char *path); int _extract_pkg_id_from_file_name(const char* fileName, char* pkgId); int _read_encrypted_app_dek_from_file(const char* pPkgId, unsigned char** encrypted_app_dek, size_t*len); int _write_encrypted_app_dek_to_file(const char* pPkgId, const unsigned char* encrypted_app_dek, size_t len); diff --git a/tests/wae_tests.c b/tests/wae_tests.c index 631e9ea..0b584e5 100644 --- a/tests/wae_tests.c +++ b/tests/wae_tests.c 
@@ -430,7 +430,7 @@ int wae_tc_get_preloaded_app_dek_file_path() char path[256]; FPRINTF("...expected path : %s\n", expectedPath); - ret = _get_preloaded_app_dek_file_path(pkgId, path); + ret = _get_preloaded_app_dek_file_path(pkgId, sizeof(path), path); FPRINTF("...returned path : %s\n", path); if(ret != WAE_ERROR_NONE || strncmp(expectedPath, path, strlen(expectedPath)) != 0) { @@ -623,8 +623,8 @@ int wae_tc_load_preloaded_app_deks() char path2[MAX_PATH_LEN] = {0, }; FILE *f2 = NULL; - _get_preloaded_app_dek_file_path(pkgId1, path1); - _get_preloaded_app_dek_file_path(pkgId2, path2); + _get_preloaded_app_dek_file_path(pkgId1, sizeof(path1), path1); + _get_preloaded_app_dek_file_path(pkgId2, sizeof(path2), path2); // remove old test data remove_app_dek(pkgId1, WAE_PRELOADED_APP); -- 2.7.4
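Review bot: None of the updated calls exercises the failure path this commit introduces: `wae_tc_get_preloaded_app_dek_file_path` only passes a 256-byte buffer, and the two calls in `wae_tc_load_preloaded_app_deks` ignore the return value. A case with a deliberately short buffer, e.g. `char small[8]; ret = _get_preloaded_app_dek_file_path(pkgId, sizeof(small), small);` expecting `WAE_ERROR_INVALID_PARAMETER`, would pin the truncation behaviour. As the check is written (`ret < 0`), that case would presumably still return WAE_ERROR_NONE, so the test would also expose the gap. Both test functions start and end outside the hunks shown.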