Merge pull request #768 from seshagiriprabhu/buffer_overflow_in_testing

Added bound checking for the client id of the friend input in DHT test
2024-03-22 13:30:51 +08:00 · 2014-02-25 16:45:44 -05:00 · 2014-02-25 16:45:44 -05:00 · 1591eeee8e
commit 1591eeee8e
parent e32b5f0c95 9bb27fbea6
2 changed files with 10 additions and 4 deletions
--- a/testing/DHT_test.c
+++ b/testing/DHT_test.c
@ -203,9 +203,12 @@ int main(int argc, char *argv[])
    char temp_id[128];
    printf("\nEnter the client_id of the friend you wish to add (32 bytes HEX format):\n");

-    if (scanf("%s", temp_id) != 1)
+    if (!fgets(temp_id, sizeof(temp_id), stdin))
        exit(0);

+    if ((strlen(temp_id) > 0) && (temp_id[strlen(temp_id) - 1] == '\n'))
+        temp_id[strlen(temp_id) - 1] = '\0';
+
    uint8_t *bin_id = hex_string_to_bin(temp_id);
    DHT_addfriend(dht, bin_id);
    free(bin_id);
--- a/testing/Messenger_test.c
+++ b/testing/Messenger_test.c
@ -164,9 +164,12 @@ int main(int argc, char *argv[])
    char temp_hex_id[128];
    printf("\nEnter the address of the friend you wish to add (38 bytes HEX format):\n");

-    if (scanf("%s", temp_hex_id) != 1) {
-        return 1;
-    }
+    if (!fgets(temp_hex_id, sizeof(temp_hex_id), stdin))
+        exit(0);
+
+    if ((strlen(temp_hex_id) > 0) && (temp_hex_id[strlen(temp_hex_id) - 1] == '\n'))
+        temp_hex_id[strlen(temp_hex_id) - 1] = '\0';
+

    uint8_t *bin_id = hex_string_to_bin(temp_hex_id);
    int num = m_addfriend(m, bin_id, (uint8_t *)"Install Gentoo", sizeof("Install Gentoo"));