summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorYunhee Seo <yuni.seo@samsung.com>2024-07-16 16:21:32 +0900
committerYunhee Seo <yuni.seo@samsung.com>2024-07-16 16:21:32 +0900
commit341cd2384ad231ac0d081b5c8a8ad11df7c893d2 (patch)
tree8f40ce909b6796cfde4be0f5238728ee783acbf1
parentc8642611f1cdb43f22943b8b7bf8286d4df157e7 (diff)
downloaddevice-emulator-341cd2384ad231ac0d081b5c8a8ad11df7c893d2.tar.gz
device-emulator-341cd2384ad231ac0d081b5c8a8ad11df7c893d2.tar.bz2
device-emulator-341cd2384ad231ac0d081b5c8a8ad11df7c893d2.zip
There was a missing code for handling the null character so that it doesn't exceed the array size when reading and storing strings. The code has been modified to handle the array safely. To avoid overflow issue, this is necessary. Change-Id: Ib75301a07906391c57fb739ef3399ff211cd1503 Signed-off-by: Yunhee Seo <yuni.seo@samsung.com>
-rw-r--r--src/util.c64
1 files changed, 34 insertions, 30 deletions
diff --git a/src/util.c b/src/util.c
index 4fb5d1e..613090d 100644
--- a/src/util.c
+++ b/src/util.c
@@ -16,6 +16,7 @@
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
+#include <string.h>
#include <stdio.h>
#include <unistd.h>
@@ -36,64 +37,67 @@ static dbus_handle_s g_dh[2];
pthread_mutex_unlock(&(handle)->mutex);\
} while (0);
-static int sysfs_read_buf(char *path, char *buf, int len)
+static int sysfs_read_buf(char *file, char *buf, int len)
{
- int r, fd;
+ int fd, r;
- if ((!path) || (!buf) || (len < 0))
+ if (!file || !buf || len < 0)
return -EINVAL;
- fd = open(path, O_RDONLY);
+ fd = open(file, O_RDONLY);
if (fd == -1)
- return -ENOENT;
+ return -errno;
r = read(fd, buf, len);
- close(fd);
-
- if ((r < 0) || (r > len))
- return -EIO;
+ if ((r >= 0) && (r < len))
+ buf[r] = '\0';
+ else {
+ buf[0] = '\0';
+ r = -EIO;
+ }
- /* Replace '\n' with space (ascii code is 32) */
- buf[strcspn(buf, "\n")] = (char)32;
- buf[r] = '\0';
+ close(fd);
- return 0;
+ return r;
}
-static int sysfs_write_buf(char *path, char *buf)
+int sysfs_write_buf(char *file, char *buf)
{
- int w, fd;
+ int fd, r;
- if ((!path) || (!buf))
+ if (!file || !buf)
return -EINVAL;
- fd = open(path, O_WRONLY);
+ fd = open(file, O_WRONLY);
if (fd == -1)
- return -ENOENT;
+ return -errno;
- w = write(fd, buf, strlen(buf));
- close(fd);
+ r = write(fd, buf, strlen(buf));
+ if (r < 0)
+ r = -EIO;
- if (w < 0)
- return -EIO;
+ close(fd);
return 0;
}
int sysfs_read_int(char *path, int *val)
{
- char buf[MAX_BUF_SIZE + 1];
+ char buf[MAX_BUF_SIZE];
int r;
if ((!path) || (!val))
return -EINVAL;
- r = sysfs_read_buf(path, buf, MAX_BUF_SIZE);
- if (r < 0)
- return r;
+ r = sysfs_read_buf(path, buf, sizeof(buf));
+ if (r > 0) {
+ *val = atoi(buf);
+ } else {
+ *val = -1;
+ r = -EIO;
+ }
- *val = atoi(buf);
- return 0;
+ return r;
}
int sysfs_read_str(char *path, char *str, int len)
@@ -112,13 +116,13 @@ int sysfs_read_str(char *path, char *str, int len)
int sysfs_write_int(char *path, int val)
{
- char buf[MAX_BUF_SIZE + 1];
+ char buf[MAX_BUF_SIZE];
int w;
if (!path)
return -EINVAL;
- snprintf(buf, MAX_BUF_SIZE, "%d", val);
+ snprintf(buf, sizeof(buf), "%d", val);
w = sysfs_write_buf(path, buf);
if (w < 0)
return w;