Fix strcpy into fixed size buffer in conf.c
Problem reported by Coverity: CID 1090340 (#1 of 2): Copy into fixed size buffer (STRING_OVERFLOW) fixed_size_dest: You might overrun the 256 byte fixed-size string "context->user_defined_devices[context->user_defined_device_count - 1U].name" by copying "value" without checking the length. parameter_as_source: Note: This defect has an elevated risk because the source argument is a parameter of the current function. CID 1090340 (#2 of 2): Copy into fixed size buffer (STRING_OVERFLOW)[select issue]
This commit is contained in:
Philippe Teuwen
parent
d9854cfdd9
commit
b5d76a327d
1 changed files with 4 additions and 2 deletions
|
|
@ -134,7 +134,8 @@ conf_keyvalue_context(void *data, const char *key, const char *value)
|
||||||
}
|
}
|
||||||
context->user_defined_device_count++;
|
context->user_defined_device_count++;
|
||||||
}
|
}
|
||||||
strcpy(context->user_defined_devices[context->user_defined_device_count - 1].name, value);
|
strncpy(context->user_defined_devices[context->user_defined_device_count - 1].name, value, DEVICE_NAME_LENGTH - 1);
|
||||||
|
context->user_defined_devices[context->user_defined_device_count - 1].name[DEVICE_NAME_LENGTH - 1] = '\0';
|
||||||
} else if (strcmp(key, "device.connstring") == 0) {
|
} else if (strcmp(key, "device.connstring") == 0) {
|
||||||
if ((context->user_defined_device_count == 0) || strcmp(context->user_defined_devices[context->user_defined_device_count - 1].connstring, "") != 0) {
|
if ((context->user_defined_device_count == 0) || strcmp(context->user_defined_devices[context->user_defined_device_count - 1].connstring, "") != 0) {
|
||||||
if (context->user_defined_device_count >= MAX_USER_DEFINED_DEVICES) {
|
if (context->user_defined_device_count >= MAX_USER_DEFINED_DEVICES) {
|
||||||
|
|
@ -143,7 +144,8 @@ conf_keyvalue_context(void *data, const char *key, const char *value)
|
||||||
}
|
}
|
||||||
context->user_defined_device_count++;
|
context->user_defined_device_count++;
|
||||||
}
|
}
|
||||||
strcpy(context->user_defined_devices[context->user_defined_device_count - 1].connstring, value);
|
strncpy(context->user_defined_devices[context->user_defined_device_count - 1].connstring, value, NFC_BUFSIZE_CONNSTRING - 1);
|
||||||
|
context->user_defined_devices[context->user_defined_device_count - 1].connstring[NFC_BUFSIZE_CONNSTRING - 1] = '\0';
|
||||||
} else if (strcmp(key, "device.optional") == 0) {
|
} else if (strcmp(key, "device.optional") == 0) {
|
||||||
if ((context->user_defined_device_count == 0) || context->user_defined_devices[context->user_defined_device_count - 1].optional) {
|
if ((context->user_defined_device_count == 0) || context->user_defined_devices[context->user_defined_device_count - 1].optional) {
|
||||||
if (context->user_defined_device_count >= MAX_USER_DEFINED_DEVICES) {
|
if (context->user_defined_device_count >= MAX_USER_DEFINED_DEVICES) {
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue