[PATCH] stkutil: fix crash issue cause by null length of text string

[PATCH] stkutil: fix crash issue cause by null length of text string

[Lucas, GuillaumeX]

[-- Attachment #1: Type: text/plain, Size: 1672 bytes --]

From: Guillaume Lucas <guillaumex.lucas@intel.com>

According to 3GPP TS 31.124 a null length for the text string
should be allowed. An empty string must be returned to the
user in this case.
---
 src/stkutil.c |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/stkutil.c b/src/stkutil.c
index a211462..cab22f4 100644
--- a/src/stkutil.c
+++ b/src/stkutil.c
@@ -562,7 +562,7 @@ static gboolean parse_dataobj_text(struct comprehension_tlv_iter *iter,
 {
 	char **text = user;
 	unsigned int len = comprehension_tlv_iter_get_length(iter);
-	const unsigned char *data = comprehension_tlv_iter_get_data(iter);
+	const unsigned char *data;
 	char *utf8;
 
 	/* DCS followed by some text, cannot be 1 */
@@ -570,10 +570,12 @@ static gboolean parse_dataobj_text(struct comprehension_tlv_iter *iter,
 		return FALSE;
 
 	if (len == 0) {
-		*text = NULL;
+		*text = g_try_malloc0(1);
 		return TRUE;
 	}
 
+	data = comprehension_tlv_iter_get_data(iter);
+
 	utf8 = decode_text(data[0], len - 1, data + 1);
 
 	if (utf8 == NULL)
-- 
1.7.0.4

---------------------------------------------------------------------
Intel Corporation SAS (French simplified joint stock company)
Registered headquarters: "Les Montalets"- 2, rue de Paris, 
92196 Meudon Cedex, France
Registration Number:  302 456 199 R.C.S. NANTERRE
Capital: 4,572,000 Euros

This e-mail and any attachments may contain confidential material for
the sole use of the intended recipient(s). Any review or distribution
by others is strictly prohibited. If you are not the intended
recipient, please contact the sender and delete all copies.

Re: [PATCH] stkutil: fix crash issue cause by null length of text string

[Andrzej Zaborowski]

[-- Attachment #1: Type: text/plain, Size: 544 bytes --]

Hi Guillaume,

On 7 December 2010 11:58, Lucas, GuillaumeX <guillaumex.lucas@intel.com> wrote:
> From: Guillaume Lucas <guillaumex.lucas@intel.com>
>
> According to 3GPP TS 31.124 a null length for the text string
> should be allowed. An empty string must be returned to the
> user in this case.

Can you give the circumstances in which the crash happens?  stk.c is
already checking for NULL texts and we shouldn't confuse the empty
data object and empty string.  Maybe another check is missing
somewhere in stk.c.

Best regards

RE: [PATCH] stkutil: fix crash issue cause by null length of text string

[Jeevaka.Badrappan]

[-- Attachment #1: Type: text/plain, Size: 1152 bytes --]


Hi Guillaume,
 
> 
> According to 3GPP TS 31.124 a null length for the text string 
> should be allowed. An empty string must be returned to the 
> user in this case.
> ---
>  src/stkutil.c |    6 ++++--
>  1 files changed, 4 insertions(+), 2 deletions(-)
> 

Agree. As per the 3GPP TS 31.124 null text string will be indicated with
length 0.
So, in first place if (text == NULL) check in handle_command_get_input, 
handle_command_get_inkey has to be removed. Removing this check will
result
in crash due to the fact that we are not handling this case properly
neither
in parse_dataobj_text nor in corresponding stkagent functions.

There are 2ways to solve this issue:

First option - Fix provided in the function parse_dataobj_text( e.g.
*text = "")
Second option - In all the stk_agent_ function which has this text
string we 
                need to check for NULL and assign it to empty string if
it is NULL.
      
First option seems to be right and also better one.

In both the cases, if (text == NULL) check in handle_command_get_inkey,
handle_command_get_input etc needs to be removed.

Regards,
Jeevaka

Re: [PATCH] stkutil: fix crash issue cause by null length of text string

[Andrzej Zaborowski]

[-- Attachment #1: Type: text/plain, Size: 1236 bytes --]

On 7 December 2010 22:55,  <Jeevaka.Badrappan@elektrobit.com> wrote:
> Hi Guillaume,
>
>>
>> According to 3GPP TS 31.124 a null length for the text string
>> should be allowed. An empty string must be returned to the
>> user in this case.
>> ---
>>  src/stkutil.c |    6 ++++--
>>  1 files changed, 4 insertions(+), 2 deletions(-)
>>
>
> Agree. As per the 3GPP TS 31.124 null text string will be indicated with
> length 0.
> So, in first place if (text == NULL) check in handle_command_get_input,
> handle_command_get_inkey has to be removed. Removing this check will
> result
> in crash due to the fact that we are not handling this case properly
> neither
> in parse_dataobj_text nor in corresponding stkagent functions.
>
> There are 2ways to solve this issue:
>
> First option - Fix provided in the function parse_dataobj_text( e.g.
> *text = "")
> Second option - In all the stk_agent_ function which has this text
> string we
>                need to check for NULL and assign it to empty string if
> it is NULL.
>
> First option seems to be right and also better one.

Ah you're right.  I had confused the Text object with Alpha Id (where
"" is different from NULL).

Best regards

RE: [PATCH] stkutil: fix crash issue cause by null length of text string

[Lucas, GuillaumeX]

[-- Attachment #1: Type: text/plain, Size: 1927 bytes --]

Hi

> 
> On 7 December 2010 22:55,  <Jeevaka.Badrappan@elektrobit.com> wrote:
> > Hi Guillaume,
> >
> >>
> >> According to 3GPP TS 31.124 a null length for the text string
> >> should be allowed. An empty string must be returned to the
> >> user in this case.
> >> ---
> >>  src/stkutil.c |    6 ++++--
> >>  1 files changed, 4 insertions(+), 2 deletions(-)
> >>
> >
> > Agree. As per the 3GPP TS 31.124 null text string will be indicated
> with
> > length 0.
> > So, in first place if (text == NULL) check in
> handle_command_get_input,
> > handle_command_get_inkey has to be removed. Removing this check will
> > result
> > in crash due to the fact that we are not handling this case properly
> > neither
> > in parse_dataobj_text nor in corresponding stkagent functions.
> >
> > There are 2ways to solve this issue:
> >
> > First option - Fix provided in the function parse_dataobj_text( e.g.
> > *text = "")
> > Second option - In all the stk_agent_ function which has this text
> > string we
> >                need to check for NULL and assign it to empty string
> if
> > it is NULL.
> >
> > First option seems to be right and also better one.
> 

Agree. It's why I've did this one :)
I'll be more explicit in the description for my future patches. Especially for crash issue.

Regards,
Guillaume
---------------------------------------------------------------------
Intel Corporation SAS (French simplified joint stock company)
Registered headquarters: "Les Montalets"- 2, rue de Paris, 
92196 Meudon Cedex, France
Registration Number:  302 456 199 R.C.S. NANTERRE
Capital: 4,572,000 Euros

This e-mail and any attachments may contain confidential material for
the sole use of the intended recipient(s). Any review or distribution
by others is strictly prohibited. If you are not the intended
recipient, please contact the sender and delete all copies.

Re: [PATCH] stkutil: fix crash issue cause by null length of text string

[Denis Kenzior]

[-- Attachment #1: Type: text/plain, Size: 505 bytes --]

Hi Guillaume,

On 12/07/2010 04:58 AM, Lucas, GuillaumeX wrote:
> From: Guillaume Lucas <guillaumex.lucas@intel.com>
> 
> According to 3GPP TS 31.124 a null length for the text string
> should be allowed. An empty string must be returned to the
> user in this case.
> ---
>  src/stkutil.c |    6 ++++--
>  1 files changed, 4 insertions(+), 2 deletions(-)
> 

Patch has been applied, but please re-run the unit tests when you change
stkutil.  You actually broke a few ;)

Regards,
-Denis