From d7c0c62f8f6b71c68bfd777d7454fe4c12760863 Mon Sep 17 00:00:00 2001
From: Dirk Hohndel
Date: Thu, 28 Dec 2017 08:41:40 -0800
Subject: [PATCH] Cleanup: ensure string is 0 terminated
The Linux kernel uses the sir_name as a standard C string (in one instance copying it into a 60 char buffer using kstrncpy with a length limit of 60), we therefore need to ensure that it is 0 terminated. Since the existing code didn't notify the caller if we were truncating the string at 25 characters, I didn't add such a warning/error for truncating at 24 characters. I was not able to find documentation on how Windows uses irdaServiceName but since this is implementing the same standard, the same change was made to the Windows code. In both cases I replaced the hardcoded length of 25 with a sizeof() argument (but both Linux and Windows hard code that length in their headers, so it seems unlikely this would ever change). Coverity CID 207790
Signed-off-by: Dirk Hohndel
---
 src/irda.c | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/src/irda.c b/src/irda.c
index 149808a..972c125 100644
--- a/src/irda.c
+++ b/src/irda.c
@@ -221,18 +221,22 @@ dc_irda_connect_name (dc_iostream_t *abstract, unsigned int address, const char
 peer.irdaDeviceID[1] = (address >> 8) & 0xFF;
 peer.irdaDeviceID[2] = (address >> 16) & 0xFF;
 peer.irdaDeviceID[3] = (address >> 24) & 0xFF;
- if (name)
- strncpy (peer.irdaServiceName, name, 25);
- else
- memset (peer.irdaServiceName, 0x00, 25);
+ if (name) {
+ strncpy (peer.irdaServiceName, name, sizeof(peer.irdaServiceName) - 1);
+ peer.irdaServiceName[sizeof(peer.irdaServiceName) - 1] = '\0';
+ } else {
+ memset (peer.irdaServiceName, 0x00, sizeof(peer.irdaServiceName));
+ }
 #else
 struct sockaddr_irda peer;
 peer.sir_family = AF_IRDA;
 peer.sir_addr = address;
- if (name)
- strncpy (peer.sir_name, name, 25);
- else
- memset (peer.sir_name, 0x00, 25);
+ if (name) {
+ strncpy (peer.sir_name, name, sizeof(peer.sir_name) - 1);
+ peer.sir_name[sizeof(peer.sir_name) - 1] = '\0';
+ } else {
+ memset (peer.sir_name, 0x00, sizeof(peer.sir_name));
+ }
 #endif
 return dc_socket_connect (&device->base, (struct sockaddr *) &peer, sizeof (peer));
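Review bot: On the Linux branch `struct sockaddr_irda peer;` is declared without an initializer and only `sir_family`, `sir_addr` and `sir_name` are assigned in the visible lines, yet the whole struct is passed to `dc_socket_connect` with `sizeof (peer)`, so any other member (the Linux struct also carries `sir_lsap_sel`) and any padding go to the socket layer as uninitialized stack bytes. Declaring it as `struct sockaddr_irda peer = {0};` would close that and make the explicit terminator and the `memset` branch redundant; the Windows `peer` is declared above the hunk, so whether it needs the same treatment cannot be confirmed from here. Separately, a `name` that does not fit is still cut silently, so the connect targets a different service name than the caller asked for; returning an error when `strlen (name) >= sizeof (peer.sir_name)` would be safer than truncating. The function body starts before the hunk.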