Index: atgen.c
===================================================================
RCS file: /sources/gnokii/gnokii/common/phones/atgen.c,v
retrieving revision 1.162
diff -u -p -r1.162 atgen.c
--- atgen.c 6 Nov 2007 22:15:19 -0000 1.162
+++ atgen.c 6 Nov 2007 23:43:25 -0000
@@ -547,7 +547,7 @@ gn_error at_memory_type_set(gn_memory_ty
 if (mt != drvinst->memorytype) { if (mt >= NR_MEMORIES) return GN_ERR_INVALIDMEMORYTYPE;
- sprintf(req, "AT+CPBS=\"%s\"\r", memorynames[mt]);
+ snprintf(req, sizeof(req), "AT+CPBS=\"%s\"\r", memorynames[mt]);
 ret = sm_message_send(13, GN_OP_Init, req, state); if (ret) return GN_ERR_NOTREADY;
@@ -584,7 +584,7 @@ gn_error AT_SetSMSMemoryType(gn_memory_t
 if (mt >= NR_MEMORIES) return GN_ERR_INVALIDMEMORYTYPE; gn_data_clear(&data);
- sprintf(req, "AT+CPMS=\"%s\"\r", memorynames[mt]);
+ snprintf(req, sizeof(req), "AT+CPMS=\"%s\"\r", memorynames[mt]);
 ret = sm_message_send(13, GN_OP_Init, req, state); if (ret == GN_ERR_NONE) ret = sm_block_no_retry(GN_OP_Init, &data, state);
@@ -812,7 +812,7 @@ static gn_error AT_ReadPhonebook(gn_data
 ret = at_memory_type_set(data->phonebook_entry->memory_type, state); if (ret) return ret;
- sprintf(req, "AT+CPBR=%d\r", data->phonebook_entry->location + drvinst->memoryoffset);
+ snprintf(req, sizeof(req), "AT+CPBR=%d\r", data->phonebook_entry->location + drvinst->memoryoffset);
 if (sm_message_send(strlen(req), GN_OP_ReadPhonebook, req, state)) return GN_ERR_NOTREADY; return sm_block_no_retry(GN_OP_ReadPhonebook, data, state);
@@ -865,7 +865,7 @@ static gn_error AT_DeletePhonebook(gn_da
 if (ret) return ret;
- len = sprintf(req, "AT+CPBW=%d\r", data->phonebook_entry->location+drvinst->memoryoffset);
+ len = snprintf(req, sizeof(req), "AT+CPBW=%d\r", data->phonebook_entry->location+drvinst->memoryoffset);
 if (sm_message_send(len, GN_OP_DeletePhonebook, req, state)) return GN_ERR_NOTREADY;
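Review bot: The byte count in `sm_message_send(13, GN_OP_Init, req, state)` in at_memory_type_set is still the constant 13, independent of what the now-bounded `snprintf` stored in `req`; if the output is truncated or a memory name is not two characters long, the send length and the buffer contents disagree. Take the length from the formatter into a local `len` and reject truncation: `len = snprintf(req, sizeof(req), "AT+CPBS=\"%s\"\r", memorynames[mt]);` followed by `if (len < 0 || (size_t)len >= sizeof(req)) return GN_ERR_FAILED;`, then send `len` bytes. The same applies to AT_SetSMSMemoryType in the next hunk and to se_at_memory_type_set in atsoer.c, which sends `11 + len - 1` bytes. `sizeof(req)` only bounds the write if `req` is an array in each of these functions; its declaration is outside the hunks, so that is worth confirming.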
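Review bot: In AT_DeletePhonebook the return value of `snprintf` is used directly as the send length, but on truncation `snprintf` returns the length the full string would have had, not the number of bytes stored. `sm_message_send(len, GN_OP_DeletePhonebook, req, state)` would then be asked to read past the end of `req`. Add `if (len < 0 || (size_t)len >= sizeof(req)) return GN_ERR_FAILED;` before the send. The AT_DeletePhonebook hunks in atsam.c and atsoer.c have the same pattern. The function body starts and ends outside the hunk, so the size of `req` is not visible here.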
@@ -878,38 +878,45 @@ static gn_error AT_CallDivert(gn_data *d
 if (!data->call_divert) return GN_ERR_UNKNOWN;
- sprintf(req, "AT+CCFC=");
+ strncpy(req, "AT+CCFC=", strlen("AT+CCFC="));
 switch (data->call_divert->type) { case GN_CDV_AllTypes:
- strcat(req, "4");
+ strncat(req, "4", strlen("4"));
 break; case GN_CDV_Busy:
- strcat(req, "1");
+ strncat(req, "1", strlen("1"));
 break; case GN_CDV_NoAnswer:
- strcat(req, "2");
+ strncat(req, "2", strlen("2"));
 break; case GN_CDV_OutOfReach:
- strcat(req, "3");
+ strncat(req, "3", strlen("3"));
 break; default: dprintf("3. %d\n", data->call_divert->type); return GN_ERR_NOTIMPLEMENTED; } if (data->call_divert->operation == GN_CDV_Register) {
- sprintf(req2, ",%d,\"%s\",%d,,,%d",
- data->call_divert->operation,
- data->call_divert->number.number,
- data->call_divert->number.type,
- data->call_divert->timeout);
- strcat(req, req2);
+ snprintf(req2, sizeof(req2), ",%d,\"%s\",%d,,,%d",
+ data->call_divert->operation,
+ data->call_divert->number.number,
+ data->call_divert->number.type,
+ data->call_divert->timeout);
+ if (strlen(req2) + strlen (req) + 1 > sizeof(req))
+ return GN_ERR_FAILED;
+ strncat(req, req2, strlen(req2));
 } else {
- sprintf(req2, ",%d", data->call_divert->operation);
- strcat(req, req2);
+ snprintf(req2, sizeof(req2), ",%d", data->call_divert->operation);
+ if (strlen(req2) + strlen (req) + 1 > sizeof(req))
+ return GN_ERR_FAILED;
+ strncat(req, req2, strlen(req2));
 }
- strcat(req, "\r");
+ if (strlen(req) + 2 > sizeof(req))
+ return GN_ERR_FAILED;
+
+ strncat(req, "\r", strlen("\r"));
 dprintf("%s", req); if (sm_message_send(strlen(req), GN_OP_CallDivert, req, state))
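Review bot: `strncpy(req, "AT+CCFC=", strlen("AT+CCFC="))` copies exactly eight bytes and no terminator, so unless `req` was zeroed earlier (not visible in the hunk) the first `strncat` in the switch scans an unterminated buffer; the `sprintf` it replaces did terminate. Use `snprintf(req, sizeof(req), "AT+CCFC=");` instead. The `strncat(req, x, strlen(x))` calls are bounded by the source length, which is exactly what `strcat` does; the limit that protects `req` is the remaining space, e.g. `strncat(req, req2, sizeof(req) - strlen(req) - 1);`. The return value of the `snprintf` into `req2` is also unchecked, so a long `number.number` would be cut silently and a truncated divert number sent to the phone.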
@@ -1008,9 +1015,9 @@ static gn_error AT_WriteSMS(gn_data *dat
 /* Length in AT mode is the length of the full message minus * SMSC field length */ if(drvinst->no_smsc) {
- sprintf(req, "AT+%s=%d\r", cmd, length);
+ snprintf(req, sizeof(req), "AT+%s=%d\r", cmd, length);
 } else {
- sprintf(req, "AT+%s=%d\r", cmd, length - data->raw_sms->message_center[0] - 1);
+ snprintf(req, sizeof(req), "AT+%s=%d\r", cmd, length - data->raw_sms->message_center[0] - 1);
 } dprintf("Sending initial sequence\n"); if (sm_message_send(strlen(req), GN_OP_AT_Prompt, req, state))
@@ -1201,13 +1208,13 @@ static gn_error AT_SetDateTime(gn_data *
 data->datetime = dt; memset(req, 0, 64); if (drvinst->timezone)
- sprintf(req, "AT+CCLK=\"%02d/%02d/%02d,%02d:%02d:%02d%s\"\r",
- dt->year % 100, dt->month, dt->day,
- dt->hour, dt->minute, dt->second, drvinst->timezone);
+ snprintf(req, sizeof(req), "AT+CCLK=\"%02d/%02d/%02d,%02d:%02d:%02d%s\"\r",
+ dt->year % 100, dt->month, dt->day,
+ dt->hour, dt->minute, dt->second, drvinst->timezone);
 else
- sprintf(req, "AT+CCLK=\"%02d/%02d/%02d,%02d:%02d:%02d\"\r",
- dt->year % 100, dt->month, dt->day,
- dt->hour, dt->minute, dt->second);
+ snprintf(req, sizeof(req), "AT+CCLK=\"%02d/%02d/%02d,%02d:%02d:%02d\"\r",
+ dt->year % 100, dt->month, dt->day,
+ dt->hour, dt->minute, dt->second);
 if (sm_message_send(strlen(req), GN_OP_SetDateTime, req, state)) return GN_ERR_NOTREADY;
Index: atsam.c
===================================================================
RCS file: /sources/gnokii/gnokii/common/phones/atsam.c,v
retrieving revision 1.1
diff -u -p -r1.1 atsam.c
--- atsam.c 20 Apr 2007 19:50:35 -0000 1.1
+++ atsam.c 6 Nov 2007 23:43:25 -0000
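Review bot: In AT_SetDateTime the context line `memset(req, 0, 64);` still hard-codes the buffer size while the new calls use `sizeof(req)`; the two should agree, `memset(req, 0, sizeof(req));`. With `drvinst->timezone` appended through `%s` the formatted length is not fixed, and the following `sm_message_send(strlen(req), ...)` would send a command cut short before the closing quote and `\r` if it did not fit. Checking the `snprintf` result against `sizeof(req)` and returning an error avoids transmitting a partial `AT+CCLK`. The declaration of `req` is outside the hunk.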
@@ -171,12 +171,16 @@ static gn_error ReplyReadPhonebook(int m
 return GN_ERR_INTERNALERROR; tmp[0] = 0; if (first_name) {
- strcat(entry->name, first_name);
+ if (strlen(first_name) + strlen(entry->name) + 1 > sizeof(entry->name))
+ return GN_ERR_FAILED;
+ strncat(entry->name, first_name, strlen(first_name));
 if (last_name)
- strcat(entry->name, " ");
+ strncat(entry->name, " ", strlen(" "));
 }
+ if (strlen(last_name) + strlen(entry->name) + 1 > sizeof(entry->name))
+ return GN_ERR_FAILED;
 if (last_name)
- strcat(entry->name, last_name);
+ strncat(entry->name, last_name, strlen (last_name));
 free(tmp); } }
@@ -194,7 +198,7 @@ static gn_error AT_ReadPhonebook(gn_data
 ret = at_memory_type_set(data->phonebook_entry->memory_type, state); if (ret) return ret;
- sprintf(req, "AT+SPBR=%d\r", data->phonebook_entry->location+drvinst->memoryoffset);
+ snprintf(req, sizeof(req), "AT+SPBR=%d\r", data->phonebook_entry->location+drvinst->memoryoffset);
 if (sm_message_send(strlen(req), GN_OP_ReadPhonebook, req, state)) return GN_ERR_NOTREADY; return sm_block_no_retry(GN_OP_ReadPhonebook, data, state);
@@ -214,7 +218,7 @@ static gn_error AT_DeletePhonebook(gn_da
 if (ret) return ret;
- len = sprintf(req, "AT+SPBW=%d\r", data->phonebook_entry->location+drvinst->memoryoffset);
+ len = snprintf(req, sizeof(req), "AT+SPBW=%d\r", data->phonebook_entry->location+drvinst->memoryoffset);
 if (sm_message_send(len, GN_OP_DeletePhonebook, req, state)) return GN_ERR_NOTREADY;
Index: atsoer.c
===================================================================
RCS file: /sources/gnokii/gnokii/common/phones/atsoer.c,v
retrieving revision 1.7
diff -u -p -r1.7 atsoer.c
--- atsoer.c 22 Oct 2007 21:21:58 -0000 1.7
+++ atsoer.c 6 Nov 2007 23:43:25 -0000
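Review bot: The added length check for the last name in ReplyReadPhonebook calls `strlen(last_name)` before the `if (last_name)` test that follows it, so a reply without a last name now dereferences NULL where the old code simply skipped the append. Both new `return GN_ERR_FAILED;` paths also leave before `free(tmp)`, and the first check reserves no byte for the `" "` separator, so a first name that exactly fills `entry->name` lets the separator write one byte past the end. As in the AT_CallDivert hunk of atgen.c, `strncat` bounded by `strlen` of its source adds nothing over `strcat`. The rewrite below moves the check inside the NULL test, counts the separator, and frees `tmp` on the error paths; it assumes `tmp` is the only allocation owned at this point and that `entry->name` is an array, both declared outside the hunk.

```c
if (first_name) {
	/* room for first_name, the separator when a last name follows, and the NUL */
	if (strlen(entry->name) + strlen(first_name) + (last_name ? 1 : 0) + 1 > sizeof(entry->name)) {
		free(tmp);
		return GN_ERR_FAILED;
	}
	strncat(entry->name, first_name, sizeof(entry->name) - strlen(entry->name) - 1);
	if (last_name)
		strncat(entry->name, " ", sizeof(entry->name) - strlen(entry->name) - 1);
}
if (last_name) {
	if (strlen(entry->name) + strlen(last_name) + 1 > sizeof(entry->name)) {
		free(tmp);
		return GN_ERR_FAILED;
	}
	strncat(entry->name, last_name, sizeof(entry->name) - strlen(entry->name) - 1);
}
/* … unchanged: free(tmp) and the closing braces … */
```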
@@ -56,7 +56,7 @@ static gn_error se_at_memory_type_set(gn
 len = at_encode(drvinst->charset, memtype, sizeof(memtype), memorynames[mt], strlen(memorynames[mt]));
- sprintf(req, "AT+CPBS=\"%s\"\r", memtype);
+ snprintf(req, sizeof(req), "AT+CPBS=\"%s\"\r", memtype);
 ret = sm_message_send(11 + len - 1, GN_OP_Init, req, state); if (ret) return GN_ERR_NOTREADY;
@@ -168,7 +168,7 @@ static gn_error AT_ReadPhonebook(gn_data
 ret = se_at_memory_type_set(data->phonebook_entry->memory_type, state); if (ret) return ret;
- sprintf(req, "AT+CPBR=%d\r", data->phonebook_entry->location+drvinst->memoryoffset);
+ snprintf(req, sizeof(req), "AT+CPBR=%d\r", data->phonebook_entry->location+drvinst->memoryoffset);
 if (sm_message_send(strlen(req), GN_OP_ReadPhonebook, req, state)) return GN_ERR_NOTREADY; return sm_block_no_retry(GN_OP_ReadPhonebook, data, state);
@@ -242,7 +242,7 @@ static gn_error AT_DeletePhonebook(gn_da
 if (ret) return ret;
- len = sprintf(req, "AT+CPBW=%d\r", data->phonebook_entry->location+drvinst->memoryoffset);
+ len = snprintf(req, sizeof(req), "AT+CPBW=%d\r", data->phonebook_entry->location+drvinst->memoryoffset);
 if (sm_message_send(len, GN_OP_DeletePhonebook, req, state)) return GN_ERR_NOTREADY;