

[SCM] libgnokii and core programs branch, master, updated. rel_0_6_29-48


From: Daniele Forsi
Subject: [SCM] libgnokii and core programs branch, master, updated. rel_0_6_29-482-g1249e9a
Date: Mon, 22 Apr 2013 09:28:08 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "libgnokii and core programs".

The branch, master has been updated
       via  1249e9ae826b9e52cb3e81f690f4c956c9461e82 (commit)
      from  3de4e1f68ad02f550502dc28bb4769f339952df3 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://git.savannah.gnu.org/cgit/gnokii.git/commit/?id=1249e9ae826b9e52cb3e81f690f4c956c9461e82


commit 1249e9ae826b9e52cb3e81f690f4c956c9461e82
Author: Daniele Forsi <address@hidden>
Date:   Mon Apr 22 10:46:00 2013 +0200

    Fix buffer usage when phone number longer than 15 digits is converted to 
UCS-2
    
    When a phone number had 16 digits or more, the converted string took all
    16*4=64 bytes of the buffer, in which case at_encode() doesn't insert a
    string terminator.
    Use the same code with model=AT and model=fake for testing.
    
    Fixes:
    ==13576== Conditional jump or move depends on uninitialised value(s)
    ==13576==    at 0x41CB2F4: vfprintf (vfprintf.c:1623)
    ==13576==    by 0x41ECDCF: vsnprintf (vsnprintf.c:120)
    ==13576==    by 0x41D0ED1: snprintf (snprintf.c:35)
    ==13576==    by 0x4095F8B: fake_writephonebook.isra.15 (fake.c:474)
    ==13576==    by 0x403FB91: gn_sm_functions (gsm-statemachine.c:343)
    ==13576==    by 0x8054731: writephonebook (gnokii-phonebook.c:426)
    ==13576==    by 0x804C1AD: parse_options (gnokii.c:924)
    ==13576==    by 0x804B858: parse_options (gnokii.c:856)
    ==13576==    by 0x804AD16: main (gnokii.c:1233)
    
    Test case:
    gnokii --phone fake --writephonebook --vcard --overwrite < 
testsuite/vcard/vcard-full-ascii.vcf
    
    Correct output, after this fix:
    
AT+CPBW=1000,"0031003200330034003500360037003800390030003100320033003400350036003700380039003000310032003300340035003600370038003900300031003200330034003500360037003800390030003100320033003400350036003700380039",129,"0047006900760065006E0020006E0061006D0065002000460061006D0069006C0079002D006E0061006D006500200069006E00200046004E002000300031003200330034003500360037003800390030003100320033003400350036003700380039003000310032003300340035003600370038003900300031"
    
    Wrong output, before this fix:
    
AT+CPBW=1000,"0031003200330034003500360037003800390030003100320033003400350036AT+CPBW=1000,"0031003",129,"0047006900760065006E0020006E0061006D0065002000460061006D0069006C0079002D006E0061006D006500200069006E00200046004E00200030003100320033003400350036"

diff --git a/common/phones/atgen.c b/common/phones/atgen.c
index 0d8e7c6..0823b64 100644
--- a/common/phones/atgen.c
+++ b/common/phones/atgen.c
@@ -1002,39 +1002,47 @@ static gn_error AT_ReadPhonebook(gn_data *data, struct 
gn_statemachine *state)
 static gn_error AT_WritePhonebook(gn_data *data, struct gn_statemachine *state)
 {
        at_driver_instance *drvinst = AT_DRVINST(state);
-       int len, ofs;
-       char req[256], *tmp;
-       char number[64];
+       int len;
+       /* Each UCS-2 character takes 4 bytes when encoded as HEX */
+       char number[GN_PHONEBOOK_NUMBER_MAX_LENGTH * 4 + 1], 
name[GN_PHONEBOOK_NAME_MAX_LENGTH * 4 + 1];
+       char req[sizeof("AT+CPBW=00000,\"\",000,\"\"\r\n") - 1 + sizeof(name) - 
1 + sizeof(number) - 1 + 1];
        gn_error ret;
 
+       if (data->phonebook_entry->empty)
+               return AT_DeletePhonebook(data, state);
+
        ret = at_memory_type_set(data->phonebook_entry->memory_type, state);
        if (ret)
                return ret;
-       if (data->phonebook_entry->empty) {
-               return AT_DeletePhonebook(data, state);
-       } else {
-               ret = state->driver.functions(GN_OP_AT_SetCharset, data, state);
-               if (ret)
-                       return ret;
-               memset(number, 0, sizeof(number));
-               if (drvinst->encode_number)
-                       at_encode(drvinst->charset, number, sizeof(number),
+
+       ret = state->driver.functions(GN_OP_AT_SetCharset, data, state);
+       if (ret)
+               return ret;
+
+       if (drvinst->encode_number)
+               len = at_encode(drvinst->charset, number, sizeof(number),
                                data->phonebook_entry->number,
-                               strlen(data->phonebook_entry->number));
-               else
-                       strncpy(number, data->phonebook_entry->number, 
sizeof(number));
-               ofs = snprintf(req, sizeof(req), "AT+CPBW=%d,\"%s\",%s,\"",
-                              
data->phonebook_entry->location+drvinst->memoryoffset,
-                              number,
-                              data->phonebook_entry->number[0] == '+' ? "145" 
: "129");
-               tmp = req + ofs;
-               len = at_encode(drvinst->charset, tmp, sizeof(req) - ofs,
-                               data->phonebook_entry->name,
-                               strlen(data->phonebook_entry->name));
-               tmp[len-1] = '"';
-               tmp[len++] = '\r';
-               len += ofs;
-       }
+                               strlen(data->phonebook_entry->number)) - 1;
+       else
+               len = snprintf(number, sizeof(number), "%s", 
data->phonebook_entry->number);
+       if (len >= sizeof(number))
+               return GN_ERR_ENTRYTOOLONG;
+
+
+       len = at_encode(drvinst->charset, name, sizeof(name),
+                       data->phonebook_entry->name,
+                       strlen(data->phonebook_entry->name)) - 1;
+       if (len >= sizeof(name))
+               return GN_ERR_ENTRYTOOLONG;
+
+       len = snprintf(req, sizeof(req), "AT+CPBW=%d,\"%s\",%d,\"%s\"\r\n",
+                      data->phonebook_entry->location,
+                      number,
+                      data->phonebook_entry->number[0] == '+' ? 
GN_GSM_NUMBER_International : GN_GSM_NUMBER_Unknown,
+                      name);
+       if (len >= sizeof(req))
+               return GN_ERR_ENTRYTOOLONG;
+
        if (sm_message_send(len, GN_OP_WritePhonebook, req, state))
                return GN_ERR_NOTREADY;
        return sm_block_no_retry(GN_OP_WritePhonebook, data, state);
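Review bot: The rewritten `snprintf` passes `data->phonebook_entry->location` alone, whereas the removed code passed `location+drvinst->memoryoffset`. The commit message does not mention dropping the offset, so this looks like an unintended change carried over from the fake driver's copy of the code. If the offset is still required for this driver, the argument should stay `data->phonebook_entry->location + drvinst->memoryoffset,`. The `00000` placeholder in the `req` size budgets five digits for the location, so with the offset added the final `len >= sizeof(req)` check remains the backstop. The closing brace of AT_WritePhonebook lies outside the hunk.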
diff --git a/common/phones/fake.c b/common/phones/fake.c
index eaeeab0..9a7769e 100644
--- a/common/phones/fake.c
+++ b/common/phones/fake.c
@@ -25,6 +25,7 @@
 /* Some globals */
 
 static gn_error fake_functions(gn_operation op, gn_data *data, struct 
gn_statemachine *state);
+static gn_error fake_deletephonebook(gn_data *data, struct gn_statemachine 
*state);
 
 gn_driver driver_fake = {
        NULL,
@@ -49,6 +50,8 @@ gn_driver driver_fake = {
        NULL
 };
 
+static int encode_number = 1;
+
 /* Initialise is the only function allowed to 'use' state */
 static gn_error fake_initialise(struct gn_statemachine *state)
 {
@@ -459,30 +462,38 @@ static gn_error fake_phonebookstatus(gn_data *data, 
struct gn_statemachine *stat
 
 static gn_error fake_writephonebook(gn_data *data, struct gn_statemachine 
*state)
 {
-       int len, ofs;
-       char req[256], *tmp;
-       char number[64];
-
-       memset(number, 0, sizeof(number));
-#if 1 
-       fake_encode(AT_CHAR_UCS2, number, sizeof(number),
-               data->phonebook_entry->number,
-               strlen(data->phonebook_entry->number));
-#else
-       strncpy(number, data->phonebook_entry->number, sizeof(number));
-#endif
-       ofs = snprintf(req, sizeof(req), "AT+CPBW=%d,\"%s\",%s,\"",
+       int len;
+       /* Each UCS-2 character takes 4 bytes when encoded as HEX */
+       char number[GN_PHONEBOOK_NUMBER_MAX_LENGTH * 4 + 1], 
name[GN_PHONEBOOK_NAME_MAX_LENGTH * 4 + 1];
+       char req[sizeof("AT+CPBW=00000,\"\",000,\"\"\r\n") - 1 + sizeof(name) - 
1 + sizeof(number) - 1 + 1];
+
+       if (data->phonebook_entry->empty)
+               return fake_deletephonebook(data, state);
+
+       if (encode_number)
+               len = fake_encode(AT_CHAR_UCS2, number, sizeof(number),
+                                 data->phonebook_entry->number,
+                                 strlen(data->phonebook_entry->number)) - 1;
+       else
+               len = snprintf(number, sizeof(number), "%s", 
data->phonebook_entry->number);
+       if (len >= sizeof(number))
+               return GN_ERR_ENTRYTOOLONG;
+
+       len = fake_encode(AT_CHAR_UCS2, name, sizeof(name),
+                         data->phonebook_entry->name,
+                         strlen(data->phonebook_entry->name)) - 1;
+       if (len >= sizeof(name))
+               return GN_ERR_ENTRYTOOLONG;
+
+       len = snprintf(req, sizeof(req), "AT+CPBW=%d,\"%s\",%d,\"%s\"\r\n",
                       data->phonebook_entry->location,
                       number,
-                      data->phonebook_entry->number[0] == '+' ? "145" : "129");
-       tmp = req + ofs;
-       len = fake_encode(AT_CHAR_UCS2, tmp, sizeof(req) - ofs - 3,
-                       data->phonebook_entry->name,
-                       strlen(data->phonebook_entry->name));
-       tmp[len-1] = '"';
-       tmp[len++] = '\r';
-       tmp[len] = '\0';
-       fprintf(stdout, "%s\n", req);
+                      data->phonebook_entry->number[0] == '+' ? 
GN_GSM_NUMBER_International : GN_GSM_NUMBER_Unknown,
+                      name);
+       if (len >= sizeof(req))
+               return GN_ERR_ENTRYTOOLONG;
+
+       fprintf(stdout, "%s", req);
 
        return GN_ERR_NONE;
 }
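Review bot: The three `len >= sizeof(...)` checks compare an `int` with a `size_t`, so a negative `len` is rejected only because it converts to a very large unsigned value, and it is then reported as GN_ERR_ENTRYTOOLONG. A negative value could come from a failed `snprintf`, or from an encoder return of 0 after the `- 1`. Stating the intent directly, e.g. `if (len < 0 || (size_t)len >= sizeof(number))`, avoids the sign-compare dependency; the same pattern appears in AT_WritePhonebook in atgen.c. With the `memset` removed, `number` and `name` are terminated only if `fake_encode` writes the terminator itself. Its body is not in this hunk, so it is worth confirming that it terminates for every length that passes the check, because the commit message names the unterminated buffer as the original bug.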
@@ -498,7 +509,7 @@ static gn_error fake_readphonebook(gn_data *data, struct 
gn_statemachine *state)
                return GN_ERR_INVALIDMEMORYTYPE;
 
        if (!fake_phonebook[pe->location - 1])
-#if 1
+#if 0
                /* This is to emulate those phones that return error for empty 
locations */
                return GN_ERR_INVALIDLOCATION;
 #else
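Review bot: The `#if 1` to `#if 0` flip in fake_readphonebook is not covered by the commit message, which is about buffer sizing in the write path. It changes what the fake driver returns for an empty location, from `GN_ERR_INVALIDLOCATION` to whatever the `#else` branch does; that branch lies outside the hunk. Either note the reason in the commit message or replace the preprocessor switch with a named file-scope toggle, as was done with `encode_number`, so the emulated behaviour is visible and documented in one place.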

-----------------------------------------------------------------------

Summary of changes:
 common/phones/atgen.c |   62 +++++++++++++++++++++++++++---------------------
 common/phones/fake.c  |   57 ++++++++++++++++++++++++++------------------
 2 files changed, 69 insertions(+), 50 deletions(-)


hooks/post-receive
-- 
libgnokii and core programs


