From 154d225b934de70387533f3dfaf5d449a580c28b Mon Sep 17 00:00:00 2001
From: michael-methner <mmethner@de.adit-jv.com>
Date: Tue, 11 Oct 2022 04:53:12 +0200
Subject: Avoid memory corruption behind buffer wp in function
 dlt_getloginfo_conv_ascii_to_id (#411)

* Avoid memory corruption behind buffer wp in function dlt_getloginfo_conv_ascii_to_id

- Introduced new function dlt_getloginfo_conv_ascii_to_string for '\0' terminated strings
- Avoid printing garbage characters in dlt-control after APID and CTID (which are not null terminated anymore)
- Added unit test for dlt_client_parse_get_log_info_resp_text and dlt_getloginfo_conv_ascii_to_string
- Use dlt_getloginfo_conv_ascii_to_string to get '\0' terminated for app_description and context_description

Signed-off-by: Michael Methner <mmethner@de.adit-jv.com>
---
 src/console/dlt-control.c |  8 ++++----
 src/lib/dlt_client.c      |  4 ++--
 src/shared/dlt_common.c   | 23 ++++++++++++++++++-----
 3 files changed, 24 insertions(+), 11 deletions(-)

(limited to 'src')

diff --git a/src/console/dlt-control.c b/src/console/dlt-control.c
index 7bf091a..8fbf9f0 100644
--- a/src/console/dlt-control.c
+++ b/src/console/dlt-control.c
@@ -212,9 +212,9 @@ void dlt_process_get_log_info(void)
             dlt_print_id(apid, app.app_id);
 
             if (app.app_description != 0)
-                printf("APID:%4s %s\n", apid, app.app_description);
+                printf("APID:%4.4s %s\n", apid, app.app_description);
             else
-                printf("APID:%4s \n", apid);
+                printf("APID:%4.4s \n", apid);
 
             for (j = 0; j < app.count_context_ids; j++) {
                 con = app.context_id_info[j];
@@ -222,13 +222,13 @@ void dlt_process_get_log_info(void)
                 dlt_print_id(ctid, con.context_id);
 
                 if (con.context_description != 0)
-                    printf("CTID:%4s %2d %2d %s\n",
+                    printf("CTID:%4.4s %2d %2d %s\n",
                         ctid,
                         con.log_level,
                         con.trace_status,
                         con.context_description);
                 else
-                    printf("CTID:%4s %2d %2d\n",
+                    printf("CTID:%4.4s %2d %2d\n",
                         ctid,
                         con.log_level,
                         con.trace_status);
diff --git a/src/lib/dlt_client.c b/src/lib/dlt_client.c
index 245ebef..c032fd4 100644
--- a/src/lib/dlt_client.c
+++ b/src/lib/dlt_client.c
@@ -1332,7 +1332,7 @@ DltReturnValue dlt_client_parse_get_log_info_resp_text(DltServiceGetLogInfoRespo
                     return DLT_RETURN_ERROR;
                 }
 
-                dlt_getloginfo_conv_ascii_to_id(rp,
+                dlt_getloginfo_conv_ascii_to_string(rp,
                                                 &rp_count,
                                                 con->context_description,
                                                 con->len_context_description);
@@ -1352,7 +1352,7 @@ DltReturnValue dlt_client_parse_get_log_info_resp_text(DltServiceGetLogInfoRespo
                 return DLT_RETURN_ERROR;
             }
 
-            dlt_getloginfo_conv_ascii_to_id(rp,
+            dlt_getloginfo_conv_ascii_to_string(rp,
                                             &rp_count,
                                             app->app_description,
                                             app->len_app_description);
diff --git a/src/shared/dlt_common.c b/src/shared/dlt_common.c
index 2ab6ed9..4dfbc20 100644
--- a/src/shared/dlt_common.c
+++ b/src/shared/dlt_common.c
@@ -4084,17 +4084,31 @@ int16_t dlt_getloginfo_conv_ascii_to_int16_t(char *rp, int *rp_count)
     return (signed char)strtol(num_work, &endptr, 16);
 }
 
-void dlt_getloginfo_conv_ascii_to_id(char *rp, int *rp_count, char *wp, int len)
+void dlt_getloginfo_conv_ascii_to_string(char *rp, int *rp_count, char *wp, int len)
+{
+    if ((rp == NULL ) || (rp_count == NULL ) || (wp == NULL ))
+        return;
+    /* ------------------------------------------------------
+     *  from: [72 65 6d 6f ] -> to: [0x72,0x65,0x6d,0x6f,0x00]
+     *  ------------------------------------------------------ */
+
+    int count = dlt_getloginfo_conv_ascii_to_id(rp, rp_count, wp, len);
+    *(wp + count) = '\0';
+
+    return;
+}
+
+int dlt_getloginfo_conv_ascii_to_id(char *rp, int *rp_count, char *wp, int len)
 {
     char number16[3] = { 0 };
     char *endptr;
     int count;
 
     if ((rp == NULL) || (rp_count == NULL) || (wp == NULL))
-        return;
+        return 0;
 
     /* ------------------------------------------------------
-     *  from: [72 65 6d 6f ] -> to: [0x72,0x65,0x6d,0x6f,0x00]
+     *  from: [72 65 6d 6f ] -> to: [0x72,0x65,0x6d,0x6f]
      *  ------------------------------------------------------ */
     for (count = 0; count < len; count++) {
         number16[0] = *(rp + *rp_count + 0);
@@ -4103,8 +4117,7 @@ void dlt_getloginfo_conv_ascii_to_id(char *rp, int *rp_count, char *wp, int len)
         *rp_count += 3;
     }
 
-    *(wp + count) = 0;
-    return;
+    return count;
 }
 
 void dlt_hex_ascii_to_binary(const char *ptr, uint8_t *binary, int *size)
-- 
cgit v1.2.1