author | Denis Kenzior <denkenz@gmail.com> | 2010-03-24 16:28:19 -0500 |
---|---|---|
committer | Denis Kenzior <denkenz@gmail.com> | 2010-03-24 16:28:19 -0500 |
commit | 005ecd5dd9bb3b04360aaeb151e6e7ee1569c5b3 (patch) | |
tree | 4b1913ef8a99e18be53bb2e44253a543dcbd7eb5 | |
parent | 7c8fa919fa5ea1111606331b4b0fb6b024be32ac (diff) | |
download | ofono-005ecd5dd9bb3b04360aaeb151e6e7ee1569c5b3.tar.bz2 |
Fix: Be more paranoid in basic command parsing
-rw-r--r-- | gatchat/gatserver.c | 27 |
1 files changed, 21 insertions, 6 deletions
diff --git a/gatchat/gatserver.c b/gatchat/gatserver.c
index 72abb00a..d48e2512 100644
--- a/gatchat/gatserver.c
+++ b/gatchat/gatserver.c
@@ -308,17 +308,16 @@ next:
 return i + 1;
 }
-static gboolean get_basic_prefix(const char *buf, char *prefix)
+static gboolean get_basic_prefix(const char *buf, char *out_prefix)
 {
 char c = *buf;
-
- if (!g_ascii_isalpha(c) && c != '&')
- return FALSE;
+ char prefix[4];
 if (g_ascii_isalpha(c)) {
 c = g_ascii_toupper(c);
+
 if (c == 'S') {
- int i = 0;
+ int i;
 prefix[0] = 'S';
@@ -326,20 +325,36 @@ static gboolean get_basic_prefix(const char *buf, char *prefix)
 * number. Limited to two digits since 100
 * S-registers should be enough.
 */
- while (i <= 2 && g_ascii_isdigit(buf[++i]))
+ for (i = 1; i < 3 && g_ascii_isdigit(buf[i]); i++)
 prefix[i] = buf[i];
 prefix[i] = '\0';
+
+ /*
+ * Do some basic sanity checking, don't accept 00, 01,
+ * etc or empty S values
+ */
+ if (prefix[1] == '\0')
+ return FALSE;
+
+ if (prefix[1] == '0' && prefix[2] != '\0')
+ return FALSE;
 } else {
 prefix[0] = c;
 prefix[1] = '\0';
 }
 } else if (c == '&') {
 prefix[0] = '&';
+
+ if (g_ascii_isalpha(buf[1] == FALSE))
+ return FALSE;
+
 prefix[1] = g_ascii_toupper(buf[1]);
 prefix[2] = '\0';
 }
+ memcpy(out_prefix, prefix, sizeof(prefix));
+
 return TRUE;
 }
|
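Review bot: Removing the early `if (!g_ascii_isalpha(c) && c != '&') return FALSE;` guard leaves no rejecting path for a first character that is neither a letter nor '&'. The if / else-if chain has no final else, so control reaches the `memcpy` added in the next hunk with the new local `prefix[4]` never written, and the function returns TRUE with indeterminate bytes in `out_prefix`. Unless every caller is known to pre-filter the first character (callers are not visible here), add `else return FALSE;` after the '&' branch or keep the original guard. Declaring the local as `char prefix[4] = { 0 };` would also stop the fixed 4-byte copy from carrying uninitialised stack bytes past the terminator on the valid paths. The function body continues into the next hunk.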
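Review bot: The new '&' check has its closing parenthesis in the wrong place: `g_ascii_isalpha(buf[1] == FALSE)` classifies the result of the comparison (0 or 1), which is never alphabetic, so the condition is always false and its `return FALSE;` is unreachable. A '&' followed by a digit, punctuation or the terminating NUL is therefore still accepted and passed through `g_ascii_toupper`, which is the input this commit intends to reject. The line should read `if (!g_ascii_isalpha(buf[1]))`. Separately, `memcpy(out_prefix, prefix, sizeof(prefix))` always writes 4 bytes, so a comment on the function should state that `out_prefix` must point to at least 4 bytes; the callers are outside this hunk.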