util: Add handling code to safely read and write arraystizen_9.0_m2_releaseaccepted/tizen/unified/dev/20240718.035909accepted/tizen/unified/20240717.060540accepted/tizen/9.0/unified/20241030.234951tizen_9.0tizenaccepted/tizen_unified_devaccepted/tizen_unifiedaccepted/tizen_9.0_unified

There was a missing code for handling the null character
so that it doesn't exceed the array size when reading and storing strings.
The code has been modified to handle the array safely.
To avoid overflow issue, this is necessary.

Change-Id: Ib75301a07906391c57fb739ef3399ff211cd1503
Signed-off-by: Yunhee Seo <yuni.seo@samsung.com>

1 files changed, 34 insertions, 30 deletions

diff --git a/src/util.c b/src/util.c
index 4fb5d1e..613090d 100644
--- a/src/util.c
+++ b/src/util.c
@@ -16,6 +16,7 @@
 #include <errno.h>
 #include <fcntl.h>
 #include <stdlib.h>
+#include <string.h>
 #include <stdio.h>
 #include <unistd.h>
 
@@ -36,64 +37,67 @@ static dbus_handle_s g_dh[2];
 	pthread_mutex_unlock(&(handle)->mutex);\
 } while (0);
 
-static int sysfs_read_buf(char *path, char *buf, int len)
+static int sysfs_read_buf(char *file, char *buf, int len)
 {
-	int r, fd;
+	int fd, r;
 
-	if ((!path) || (!buf) || (len < 0))
+	if (!file || !buf || len < 0)
 		return -EINVAL;
 
-	fd = open(path, O_RDONLY);
+	fd = open(file, O_RDONLY);
 	if (fd == -1)
-		return -ENOENT;
+		return -errno;
 
 	r = read(fd, buf, len);
-	close(fd);
-
-	if ((r < 0) || (r > len))
-		return -EIO;
+	if ((r >= 0) && (r < len))
+		buf[r] = '\0';
+	else {
+		buf[0] = '\0';
+		r = -EIO;
+	}
 
-	/* Replace '\n' with space (ascii code is 32) */
-	buf[strcspn(buf, "\n")] = (char)32;
-	buf[r] = '\0';
+	close(fd);
 
-	return 0;
+	return r;
 }
 
-static int sysfs_write_buf(char *path, char *buf)
+int sysfs_write_buf(char *file, char *buf)
 {
-	int w, fd;
+	int fd, r;
 
-	if ((!path) || (!buf))
+	if (!file || !buf)
 		return -EINVAL;
 
-	fd = open(path, O_WRONLY);
+	fd = open(file, O_WRONLY);
 	if (fd == -1)
-		return -ENOENT;
+		return -errno;
 
-	w = write(fd, buf, strlen(buf));
-	close(fd);
+	r = write(fd, buf, strlen(buf));
+	if (r < 0)
+		r = -EIO;
 
-	if (w < 0)
-		return -EIO;
+	close(fd);
 
 	return 0;
 }
 
 int sysfs_read_int(char *path, int *val)
 {
-	char buf[MAX_BUF_SIZE + 1];
+	char buf[MAX_BUF_SIZE];
 	int r;
 
 	if ((!path) || (!val))
 		return -EINVAL;
 
-	r = sysfs_read_buf(path, buf, MAX_BUF_SIZE);
-	if (r < 0)
-		return r;
+	r = sysfs_read_buf(path, buf, sizeof(buf));
+	if (r > 0) {
+		*val = atoi(buf);
+	} else {
+		*val = -1;
+		r = -EIO;
+	}
 
-	*val = atoi(buf);
-	return 0;
+	return r;
 }
 
 int sysfs_read_str(char *path, char *str, int len)
@@ -112,13 +116,13 @@ int sysfs_read_str(char *path, char *str, int len)
 
 int sysfs_write_int(char *path, int val)
 {
-	char buf[MAX_BUF_SIZE + 1];
+	char buf[MAX_BUF_SIZE];
 	int w;
 
 	if (!path)
 		return -EINVAL;
 
-	snprintf(buf, MAX_BUF_SIZE, "%d", val);
+	snprintf(buf, sizeof(buf), "%d", val);
 	w = sysfs_write_buf(path, buf);
 	if (w < 0)
 		return w;