Merge pull request rdkcentral#4513 from melhar098/RDK-44124
RDK-44124: Thunder Services - Unsafe string Functions - Phase 7
anand-ky authored Oct 13, 2023
2 parents 0d56730 + 8d2c038 commit d977147
Showing 2 changed files with 31 additions and 23 deletions.
5 changes: 5 additions & 0 deletions XCast/CHANGELOG.md
@@ -15,6 +15,11 @@ All notable changes to this RDK Service will be documented in this file.
* Changes in CHANGELOG should be updated when commits are added to the main or release branches. There should be one CHANGELOG entry per JIRA Ticket. This is not enforced on sprint branches since there could be multiple changes for the same JIRA ticket during development.

* For more details, refer to [versioning](https://github.com/rdkcentral/rdkservices#versioning) section under Main README.

## [1.0.17] - 2023-10-10
### Changed
- Changed string functions to safer versions and making sure there is a null terminator at the end after string function calls

## [1.0.16] - 2023-10-04
### Added
- Implement Thunder Plugin Configuration for Kirkstone builds(CMake-3.20 & above)
49 changes: 26 additions & 23 deletions XCast/XCast.cpp
@@ -68,7 +68,7 @@ using namespace std;

#define API_VERSION_NUMBER_MAJOR 1
#define API_VERSION_NUMBER_MINOR 0
#define API_VERSION_NUMBER_PATCH 15
#define API_VERSION_NUMBER_PATCH 17

namespace WPEFramework {

@@ -458,14 +458,17 @@ bool XCast::getEntryFromAppLaunchParamList (const char* appName, DynamicAppConfi
for (DynamicAppConfig* regAppLaunchParam : m_appConfigCache) {
if (0 == strcmp (regAppLaunchParam->appName, appName)) {
isEntryFound = true;
strcpy (retAppConfig.appName, regAppLaunchParam->appName);
strncpy (retAppConfig.appName, regAppLaunchParam->appName, sizeof(retAppConfig.appName));
retAppConfig.appName[sizeof(retAppConfig.appName) - 1] = '\0';

if (regAppLaunchParam->query) {
strcpy (retAppConfig.query, regAppLaunchParam->query);
strncpy (retAppConfig.query, regAppLaunchParam->query, sizeof(retAppConfig.query));
retAppConfig.query[sizeof(retAppConfig.query) - 1] = '\0';
}

if (regAppLaunchParam->payload) {
strcpy (retAppConfig.payload, regAppLaunchParam->payload);
strncpy (retAppConfig.payload, regAppLaunchParam->payload, sizeof(retAppConfig.payload));
retAppConfig.payload[sizeof(retAppConfig.payload) - 1] = '\0';
}
break;
}
@@ -595,7 +598,7 @@ void XCast::updateDynamicAppCache(JsonArray applications)
DynamicAppConfig* pDynamicAppConfig = (DynamicAppConfig*) malloc (sizeof(DynamicAppConfig));
memset ((void*)pDynamicAppConfig, '0', sizeof(DynamicAppConfig));
memset (pDynamicAppConfig->appName, '\0', sizeof(pDynamicAppConfig->appName));
strcpy (pDynamicAppConfig->appName, itrName.c_str());
strncpy (pDynamicAppConfig->appName, itrName.c_str(), sizeof(pDynamicAppConfig->appName) - 1);
memset (pDynamicAppConfig->prefixes, '\0', sizeof(pDynamicAppConfig->prefixes));
memset (pDynamicAppConfig->cors, '\0', sizeof(pDynamicAppConfig->cors));
memset (pDynamicAppConfig->query, '\0', sizeof(pDynamicAppConfig->query));
@@ -613,7 +616,7 @@ void XCast::updateDynamicAppCache(JsonArray applications)
itrPrefix = jPrefixes[i].String().c_str();
LOGINFO("%s, size:%d", itrPrefix.c_str(), (int)strlen (itrPrefix.c_str()));
for (DynamicAppConfig* pDynamicAppConfig : appConfigListTemp) {
strcpy (pDynamicAppConfig->prefixes, itrPrefix.c_str());
strncpy (pDynamicAppConfig->prefixes, itrPrefix.c_str(), sizeof(pDynamicAppConfig->prefixes) - 1);
}
}
}
@@ -628,7 +631,7 @@ void XCast::updateDynamicAppCache(JsonArray applications)
itrCor = jCors[i].String().c_str();
LOGINFO("%s, size:%d", itrCor.c_str(), (int)strlen (itrCor.c_str()));
for (DynamicAppConfig* pDynamicAppConfig : appConfigListTemp) {
strcpy (pDynamicAppConfig->cors, itrCor.c_str());
strncpy (pDynamicAppConfig->cors, itrCor.c_str(), sizeof(pDynamicAppConfig->cors) - 1);
}
}
}
@@ -680,10 +683,10 @@ void XCast::updateDynamicAppCache(JsonArray applications)
//Set launchParameters in list for later usage
for (DynamicAppConfig* pDynamicAppConfig : appConfigListTemp) {
if (jLaunchParam.HasLabel("query")) {
strcpy (pDynamicAppConfig->query, jQuery.c_str());
strncpy (pDynamicAppConfig->query, jQuery.c_str(), sizeof(pDynamicAppConfig->query) - 1);
}
if (jLaunchParam.HasLabel("payload")) {
strcpy (pDynamicAppConfig->payload, jPayload.c_str());
strncpy (pDynamicAppConfig->payload, jPayload.c_str(), sizeof(pDynamicAppConfig->payload) - 1);
}
}

@@ -886,47 +889,47 @@ void XCast::getUrlFromAppLaunchParams (const char *app_name, const char *payload
memset (url, '\0', url_len);
if(strcmp(app_name,"YouTube") == 0) {
if ((payload != NULL) && (additional_data_url != NULL)){
sprintf( url, "https://www.youtube.com/tv?%s&additionalDataUrl=%s", payload, additional_data_url);
snprintf( url, url_len, "https://www.youtube.com/tv?%s&additionalDataUrl=%s", payload, additional_data_url);
}else if (payload != NULL){
sprintf( url, "https://www.youtube.com/tv?%s", payload);
snprintf( url, url_len, "https://www.youtube.com/tv?%s", payload);
}else{
sprintf( url, "https://www.youtube.com/tv");
snprintf( url, url_len, "https://www.youtube.com/tv");
}
}
else if(strcmp(app_name,"YouTubeTV") == 0) {
if ((payload != NULL) && (additional_data_url != NULL)){
sprintf( url, "https://www.youtube.com/tv/upg?%s&additionalDataUrl=%s", payload, additional_data_url);
snprintf( url, url_len, "https://www.youtube.com/tv/upg?%s&additionalDataUrl=%s", payload, additional_data_url);
}else if (payload != NULL){
sprintf( url, "https://www.youtube.com/tv/upg?%s", payload);
snprintf( url, url_len, "https://www.youtube.com/tv/upg?%s", payload);
}else{
sprintf( url, "https://www.youtube.com/tv/upg?");
snprintf( url, url_len, "https://www.youtube.com/tv/upg?");
}
}
else if(strcmp(app_name,"YouTubeKids") == 0) {
if ((payload != NULL) && (additional_data_url != NULL)){
sprintf( url, "https://www.youtube.com/tv_kids?%s&additionalDataUrl=%s", payload, additional_data_url);
snprintf( url, url_len, "https://www.youtube.com/tv_kids?%s&additionalDataUrl=%s", payload, additional_data_url);
}else if (payload != NULL){
sprintf( url, "https://www.youtube.com/tv_kids?%s", payload);
snprintf( url, url_len, "https://www.youtube.com/tv_kids?%s", payload);
}else{
sprintf( url, "https://www.youtube.com/tv_kids?");
snprintf( url, url_len, "https://www.youtube.com/tv_kids?");
}
}
else if(strcmp(app_name,"Netflix") == 0) {
memset( url, 0, url_len );
strcat( url, "source_type=12" );
strncat( url, "source_type=12", url_len - strlen(url) - 1);
if(payload != NULL)
{
const char * pUrlEncodedParams;
pUrlEncodedParams = payload;
if( pUrlEncodedParams ){
strcat( url, "&dial=");
strcat( url, pUrlEncodedParams );
strncat( url, "&dial=", url_len - strlen(url) - 1);
strncat( url, pUrlEncodedParams, url_len - strlen(url) - 1);
}
}

if(additional_data_url != NULL){
strcat(url, "&additionalDataUrl=");
strcat(url, additional_data_url);
strncat(url, "&additionalDataUrl=", url_len - strlen(url) - 1);
strncat(url, additional_data_url, url_len - strlen(url) - 1);
}
}
else {
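Review bot: In updateDynamicAppCache the new `strncpy (..., sizeof(field) - 1)` calls never write a terminator themselves, unlike the getEntryFromAppLaunchParamList changes in this same commit, so NUL termination rests entirely on each field's earlier `memset (..., '\0', ...)`. That dependency is fragile here because the struct is first filled with the character `'0'` (`memset ((void*)pDynamicAppConfig, '0', sizeof(DynamicAppConfig))`, which probably meant `0`), and the shown context clears appName, prefixes, cors and query while the clear for payload is not visible. If that clear is missing, a payload of `sizeof(payload) - 1` bytes or more leaves the buffer unterminated and later `%s`/`strncpy` readers run past it. I would set the last byte explicitly after every copy, e.g. `pDynamicAppConfig->payload[sizeof(pDynamicAppConfig->payload) - 1] = '\0';`, and the same for appName, prefixes, cors and query. The body of updateDynamicAppCache starts and ends outside the shown hunks, so the payload initialisation should be confirmed against the full file.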