Fixes vulnerable functions 'scanf' 97/125797/2 accepted/tizen/unified/20170419.165240 submit/tizen/20170419.043324 tizen_4.0.m1_release
authorchanywa <cbible.kim@samsung.com>
Wed, 19 Apr 2017 02:08:20 +0000 (11:08 +0900)
committerchanywa <cbible.kim@samsung.com>
Wed, 19 Apr 2017 03:33:48 +0000 (12:33 +0900)
Change-Id: I8c7042d563f5f38687497f160819ad835fe86f84

test/location_test.c

index 8f02e76..1d884e5 100755 (executable)
@@ -441,6 +441,20 @@ static int test_set_mock_location(gpointer user_data)
        return FALSE;
 }
 
+static int scanf_safety(const char *format, ...)
+{
+       char line[256];
+       if (fgets(line, sizeof(line), stdin) == NULL)
+               return -1;
+
+       va_list args;
+       va_start(args, format);
+       int ret = vsscanf(line, format, args);
+       va_end(args);
+
+       return ret;
+}
+
 static void print_menu()
 {
        fprintf(stderr, "============= LOCATION TEST =============\n");
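Review bot: scanf_safety() forwards a caller-supplied format to vsscanf() without a format attribute, so the compiler can no longer check the format string against the variadic arguments at the call sites. Since the file already uses GLib types, declaring it with `G_GNUC_SCANF(1, 2)` (or `__attribute__((format(scanf, 1, 2)))`) restores the -Wformat checking that the direct scanf() calls had. Two limits are worth a comment above the function: an input line longer than 255 bytes leaves its tail in stdin for the next prompt to consume, and the wrapper bounds only the line read, so an unbounded `%s` or `%[` conversion would still need a field width. va_list also requires `<stdarg.h>`, and that include is not visible in this hunk.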
@@ -465,7 +479,7 @@ static void print_menu()
        fprintf(stderr, "[0] Exit!!!\n\n");
        fprintf(stderr, "Select menu: ");
 
-       if (scanf("%d", &menu) < 0)
+       if (scanf_safety("%d", &menu) < 0)
                fprintf(stderr, "Can't read menu !!!\n");
 }
 
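Review bot: The `< 0` test in print_menu() catches only end-of-file or a read error. Non-numeric input makes vsscanf() return 0, which passes the check and leaves `menu` at whatever value it held before. Compare against the expected number of conversions instead: `if (scanf_safety("%d", &menu) != 1)`. `menu` is declared outside this hunk, so what a stale value then selects depends on the caller; assigning it a value that no menu entry uses on failure would make the outcome explicit.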
@@ -504,7 +518,7 @@ static int location_test()
                int timeout = 60;
 
                fprintf(stderr, "\n     Input timeout ==> ");
-               ret = scanf("%d", &timeout);
+               ret = scanf_safety("%d", &timeout);
 
                int method = menu - 4;
                ret = location_manager_create(method, &manager);
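Review bot: The result of scanf_safety() is stored in `ret` and overwritten by location_manager_create() two lines later, so a failed or non-numeric read goes unnoticed and the default `timeout` is used silently. The same pattern is visible in the hunks at new lines 563, 581 (both batch reads) and 602. Check the conversion count before continuing, e.g. `if (scanf_safety("%d", &timeout) != 1) fprintf(stderr, "Invalid timeout, using %d\n", timeout);`, and keep the input result in its own variable rather than reusing `ret` for the API status. location_test() starts and ends outside this hunk.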
@@ -518,7 +532,7 @@ static int location_test()
                int interval = 1;
 
                fprintf(stderr, "\n     Input position interval ==> ");
-               ret = scanf("%d", &interval);
+               ret = scanf_safety("%d", &interval);
 
                if (interval > 120 || interval < 1)
                        interval = 1;
@@ -549,7 +563,7 @@ static int location_test()
                int method = menu - 21;
 
                fprintf(stderr, "\n     Input position interval ==> ");
-               ret = scanf("%d", &interval);
+               ret = scanf_safety("%d", &interval);
 
                ret = location_manager_create(method, &manager);
                fprintf(stderr, "location_manager_create (method : %d)", method);
@@ -567,11 +581,11 @@ static int location_test()
        case 31: {
                int interval = 1;
                fprintf(stderr, "\n     Input batch interval ==> ");
-               ret = scanf("%d", &interval);
+               ret = scanf_safety("%d", &interval);
 
                int period = 60;
                fprintf(stderr, "       Input batch period ==> ");
-               ret = scanf("%d", &period);
+               ret = scanf_safety("%d", &period);
 
                ret = location_manager_create(LOCATIONS_METHOD_GPS, &manager);
                fprintf(stderr, "location_manager_create (method : %d)\n", LOCATIONS_METHOD_GPS);
@@ -588,7 +602,7 @@ static int location_test()
                int onoff = 1;
 
                fprintf(stderr, "\n     Mock Location (ON: 1 or OFF: 0) Input ==> ");
-               ret = scanf("%d", &onoff);
+               ret = scanf_safety("%d", &onoff);
 
                ret = location_manager_enable_mock_location(onoff);
                fprintf(stderr, "Enabling mock test: ret=%d\n", ret);
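Review bot: `onoff` is passed straight to location_manager_enable_mock_location() with no range check, although the prompt allows only 0 or 1. The hunk at new line 651 guards the same kind of input with `if (onoff == 0 || onoff == 1)`, and the same guard here would reject any other integer before it reaches the API. As far as the visible lines show, the `timeout` read at new line 518 and the `interval` read at new line 563 are also used without the 1–120 clamp that new line 532 applies to `interval`. The enclosing case block starts and ends outside this hunk.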
@@ -637,7 +651,7 @@ static int location_test()
                int onoff = 1;
 
                fprintf(stderr, "\n     Input ON: 1 or OFF: 0 ==> ");
-               ret = scanf("%d", &onoff);
+               ret = scanf_safety("%d", &onoff);
 
                if (onoff == 0 || onoff == 1) {
                        ret = enable_method(method, onoff);