From b5d76a327d48d3fb812ccde4067d7585fa55767a Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Sun, 22 Sep 2013 01:54:15 +0200 Subject: [PATCH] Fix strcpy into fixed size buffer in conf.c Problem reported by Coverity: CID 1090340 (#1 of 2): Copy into fixed size buffer (STRING_OVERFLOW) fixed_size_dest: You might overrun the 256 byte fixed-size string "context->user_defined_devices[context->user_defined_device_count - 1U].name" by copying "value" without checking the length. parameter_as_source: Note: This defect has an elevated risk because the source argument is a parameter of the current function. CID 1090340 (#2 of 2): Copy into fixed size buffer (STRING_OVERFLOW)[select issue]
---
 libnfc/conf.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/libnfc/conf.c b/libnfc/conf.c
index f628d15..7bda47d 100644
--- a/libnfc/conf.c
+++ b/libnfc/conf.c
@@ -134,7 +134,8 @@ conf_keyvalue_context(void *data, const char *key, const char *value)
 }
 context->user_defined_device_count++;
 }
- strcpy(context->user_defined_devices[context->user_defined_device_count - 1].name, value);
+ strncpy(context->user_defined_devices[context->user_defined_device_count - 1].name, value, DEVICE_NAME_LENGTH - 1);
+ context->user_defined_devices[context->user_defined_device_count - 1].name[DEVICE_NAME_LENGTH - 1] = '\0';
 } else if (strcmp(key, "device.connstring") == 0) {
 if ((context->user_defined_device_count == 0) || strcmp(context->user_defined_devices[context->user_defined_device_count - 1].connstring, "") != 0) {
 if (context->user_defined_device_count >= MAX_USER_DEFINED_DEVICES) {
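Review bot: Both replaced copies now truncate an over-long `value` silently: the `device.name` branch here and the `device.connstring` branch in the next hunk keep only the first `DEVICE_NAME_LENGTH - 1` / `NFC_BUFSIZE_CONNSTRING - 1` bytes and carry on. That closes the overflow Coverity reported, but a cut-off connection string is still stored as if it were valid and may no longer describe the device the configuration file intended. I would test the length before copying and refuse the entry, e.g. `if (strlen(value) >= DEVICE_NAME_LENGTH) { /* log and ignore this key */ }`, with the same test against `NFC_BUFSIZE_CONNSTRING` in the second hunk. The function body starts and ends outside both hunks, so how to bail out (and whether the `user_defined_device_count++` just above must be undone) has to be confirmed there.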
@@ -143,7 +144,8 @@ conf_keyvalue_context(void *data, const char *key, const char *value)
 }
 context->user_defined_device_count++;
 }
- strcpy(context->user_defined_devices[context->user_defined_device_count - 1].connstring, value);
+ strncpy(context->user_defined_devices[context->user_defined_device_count - 1].connstring, value, NFC_BUFSIZE_CONNSTRING - 1);
+ context->user_defined_devices[context->user_defined_device_count - 1].connstring[NFC_BUFSIZE_CONNSTRING - 1] = '\0';
 } else if (strcmp(key, "device.optional") == 0) {
 if ((context->user_defined_device_count == 0) || context->user_defined_devices[context->user_defined_device_count - 1].optional) {
 if (context->user_defined_device_count >= MAX_USER_DEFINED_DEVICES) {
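Review bot: The bound on the added `strncpy` lines is the macro `NFC_BUFSIZE_CONNSTRING` (and `DEVICE_NAME_LENGTH` in the first hunk) rather than the size of the destination, so the copy is only safe while those macros match the field declarations, which this diff does not show. If `name` and `connstring` are arrays inside the struct, writing the limit as `sizeof(dev->connstring) - 1` keeps it tied to the buffer, and a local `dev` pointer to `context->user_defined_devices[context->user_defined_device_count - 1]` would also remove the long index expression repeated on both added lines. A one-line comment such as `/* value comes from the config file: bounded copy, always NUL-terminated */` would record why `strcpy` was replaced.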