From ae15a2cac1a01e98e34b4ccd8932ae8f1b99186c Mon Sep 17 00:00:00 2001
From: Jacob Erlbeck
Date: Tue, 6 Aug 2013 14:29:14 +0200
Subject: vty: Fix misusage of snprintf in vty/utils.c
Compiled with ubuntu 1204 (precise), where -Wformat-security is enabled by -Wall. Test yields ok, but the current implementation doesn't properly support multi-character separators and end strings. So the test output is truncated. Addresses: utils.c: In function 'vty_cmd_string_from_valstr': utils.c:84:2: warning: format not a string literal and no format arguments [-Wformat-security] utils.c:84:2: warning: format not a string literal and no format arguments [-Wformat-security] utils.c:108:2: warning: format not a string literal and no format arguments [-Wformat-security] utils.c:108:2: warning: format not a string literal and no format arguments [-Wformat-security]
---
tests/vty/vty_test.c | 52 +++++++++++++++++++++++++++++++++++++++++++++++++++
tests/vty/vty_test.ok | 3 +++
2 files changed, 55 insertions(+)
create mode 100644 tests/vty/vty_test.c
create mode 100644 tests/vty/vty_test.ok
(limited to 'tests/vty')
diff --git a/tests/vty/vty_test.c b/tests/vty/vty_test.c
new file mode 100644
index 00000000..2a9be84c
--- /dev/null
+++ b/tests/vty/vty_test.c
@@ -0,0 +1,52 @@
+/* (C) 2013 by Jacob Erlbeck
+ * All Rights Reserved
+ *
+ * This program is iree software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ */
+
+#include
+#include
+
+#include
+#include
+#include
+#include
+
+static void test_cmd_string_from_valstr(void)
+{
+ char *cmd;
+ const struct value_string printf_seq_vs[] = {
+ { .value = 42, .str = "[foo%s%s%s%s%s]"},
+ { .value = 43, .str = "[bar%s%s%s%s%s]"},
+ { .value = 0, .str = NULL}
+ };
+
+ printf("Going to test vty_cmd_string_from_valstr()\n");
+
+ /* check against character strings that could break printf */
+
+ cmd = vty_cmd_string_from_valstr (NULL, printf_seq_vs, "[prefix%s%s%s%s%s]", "[sep%s%s%s%s%s]", "[end%s%s%s%s%s]", 1);
+ printf ("Tested with %%s-strings, resulting cmd = '%s'\n", cmd);
+ talloc_free (cmd);
+}
+
+int main(int argc, char **argv)
+{
+ test_cmd_string_from_valstr();
+ printf("All tests passed\n");
+
+ return 0;
+}
diff --git a/tests/vty/vty_test.ok b/tests/vty/vty_test.ok
new file mode 100644
index 00000000..9ff68c88
--- /dev/null
+++ b/tests/vty/vty_test.ok
@@ -0,0 +1,3 @@
+Going to test vty_cmd_string_from_valstr()
+Tested with %s-strings, resulting cmd = '[prefix%s%s%s%s%s][foo%s%s%s%s%s][sep%s%s%s%s%s]['
+All tests passed
-- cgit v1.2.3
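Review bot: In test_cmd_string_from_valstr(), `cmd` goes straight into `printf ("... cmd = '%s'\n", cmd)` with no NULL check. The definition of vty_cmd_string_from_valstr() is not part of this diff, but if it can return NULL (for example on allocation failure), the `%s` conversion is undefined behaviour and the test would crash or print `(null)` rather than fail cleanly. A guard before the printf, such as `if (!cmd) { printf("vty_cmd_string_from_valstr() returned NULL\n"); exit(1); }`, makes that failure explicit; the include lines are not legible on this page, so `<stdlib.h>` may need adding. Separately, the call passes `1` as its last argument while every input string is already lowercase, so that flag has no visible effect on the output; a mixed-case entry in `printf_seq_vs` would cover it.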
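Review bot: The expected string in vty_test.ok stops at `[sep%s%s%s%s%s][`, so the second value string and the end string never appear and the reference output records the truncation as the passing result. The commit message describes this as a known limitation with multi-character separators and end strings, but nothing in the test says so. A comment next to the call in vty_test.c, e.g. `/* FIXME: output is truncated for multi-character sep/end; update vty_test.ok when fixed */`, would keep a later fix from being mistaken for a regression. As it stands, the comparison confirms only that the `%s` sequences are copied literally up to the cut-off, not that the full command string is built.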