FreeCalypso > hg > freecalypso-tools
view rvinterf/etmsync/fsmisc.c @ 1011:6d9b10633f10 default tip
etmsync Pirelli IMEI retrieval: fix poor use of printf()
Bug reported by Vadim Yanitskiy <fixeria@osmocom.org>: the construct
where a static-allocated string was passed to printf() without any
format arguments causes newer compilers to report a security problem.
Given that formatted output is not needed here, just fixed string
output, change printf() to fputs(), and direct the error message
to stderr while at it.
| author | Mychaela Falconia <falcon@freecalypso.org> |
|---|---|
| date | Thu, 23 May 2024 17:29:57 +0000 |
| parents | e434df27e4d9 |
| children |
line wrap: on
line source
/* * Miscellaneous (dangerous!) FFS2 operations */ #include <sys/types.h> #include <ctype.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <strings.h> #include "etm.h" #include "ffs.h" #include "ffserr.h" #include "tmffs2.h" #include "limits.h" #include "ffslimits.h" #include "localtypes.h" #include "localstruct.h" #include "exitcodes.h" extern u_char rvi_msg[]; extern int rvi_msg_len; cmd_format(argc, argv) char **argv; { u_char cmdpkt[MAX_PKT_TO_TARGET], *dp; int rc, slen; slen = strlen(argv[1]); if (slen >= TMFFS_STRING_SIZE) { printf("error: argument exceeds string length limit\n"); return(ERROR_USAGE); } dp = cmdpkt + 1; *dp++ = ETM_FFS2; *dp++ = TMFFS_FORMAT; *dp++ = slen + 1; strcpy(dp, argv[1]); dp += slen + 1; /* magic is 0x2BAD, 16-bit little-endian */ *dp++ = 0xAD; *dp++ = 0x2B; rc = etm_pkt_exch(cmdpkt, dp - cmdpkt - 1); if (rc) return(rc); if (rvi_msg_len != 5) { printf("error: TMFFS_FORMAT response has wrong length\n"); return(ERROR_TARGET); } if (rvi_msg[3]) { report_ffs_err("format", rvi_msg[3]); if (rvi_msg[3] == TMFFS_ERR_NOPREFORMAT) return(0); /* do not stop scripts */ else return(ERROR_TARGET); } return(0); } cmd_preformat() { u_char cmdpkt[6]; int rc; cmdpkt[1] = ETM_FFS2; cmdpkt[2] = TMFFS_PREFORMAT; /* magic is 0xDEAD, 16-bit little-endian */ cmdpkt[3] = 0xAD; cmdpkt[4] = 0xDE; rc = etm_pkt_exch(cmdpkt, 4); if (rc) return(rc); if (rvi_msg_len != 5) { printf("error: TMFFS_PREFORMAT response has wrong length\n"); return(ERROR_TARGET); } if (rvi_msg[3]) { report_ffs_err("preformat", rvi_msg[3]); return(ERROR_TARGET); } return(0); } cmd_set_imeisv(argc, argv) char **argv; { char *filename, *cp, digits[16]; u_char bytes[8]; int pcm_order, i; if (!strcmp(argv[1], "pcm")) { filename = "/pcm/IMEI"; pcm_order = 1; } else if (!strcmp(argv[1], "fc")) { filename = "/etc/IMEISV"; pcm_order = 0; } else { fprintf(stderr, "error: IMEISV storage type argument must be \"pcm\" or \"fc\"\n"); return(ERROR_USAGE); } cp = argv[2]; if (!isdigit(*cp)) { inv: fprintf(stderr, "error: 2nd argument must have 16 decimal digits\n"); return(ERROR_USAGE); } for (i = 0; i < 16; i++) { if (ispunct(*cp)) cp++; if (!isdigit(*cp)) goto inv; digits[i] = *cp++ - '0'; } if (*cp) goto inv; for (i = 0; i < 8; i++) bytes[i] = pcm_order ? digits[i*2+1] << 4 | digits[i*2] : digits[i*2] << 4 | digits[i*2+1]; printf("Writing \"%02X %02X %02X %02X %02X %02X %02X %02X\" into %s\n", bytes[0], bytes[1], bytes[2], bytes[3], bytes[4], bytes[5], bytes[6], bytes[7], filename); return do_short_fwrite(filename, bytes, 8); } cmd_set_pcm_string(argc, argv) char **argv; { char filename[16]; if (strcmp(argv[1], "CGMI") && strcmp(argv[1], "CGMM") && strcmp(argv[1], "CGMR") && strcmp(argv[1], "CGSN")) { fprintf(stderr, "error: \"%s\" is not a recognized PCM string file name\n", argv[1]); return(ERROR_USAGE); } sprintf(filename, "/pcm/%s", argv[1]); if (strlen(argv[2]) > 20) { fprintf(stderr, "error: %s string may not exceed 20 characters\n", filename); return(ERROR_USAGE); } return do_short_fwrite(filename, argv[2], strlen(argv[2])); } cmd_set_rfcap(argc, argv) char **argv; { return set_rfcap(argv[1]); }