diff options
author | Alexander Wenzel <Alexander.AW.Wenzel@bmw.de> | 2013-07-25 17:02:42 +0200 |
---|---|---|
committer | Alexander Wenzel <Alexander.AW.Wenzel@bmw.de> | 2013-07-26 09:14:43 +0200 |
commit | 4b6a67cf7c32bb816268c069380d64af745381f0 (patch) | |
tree | 2b5f8ceeecdca035e0ce6db3c71a0339cc41dc5b /src/system | |
parent | 2e7db1befc1375f1f097f9736340205fbc350550 (diff) | |
download | DLT-daemon-4b6a67cf7c32bb816268c069380d64af745381f0.tar.gz |
Fixed security issue in dlt-system-shell regarding strncpy.
Signed-off-by: Alexander Wenzel <Alexander.AW.Wenzel@bmw.de>
Diffstat (limited to 'src/system')
-rw-r--r-- | src/system/dlt-system-shell.c | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/src/system/dlt-system-shell.c b/src/system/dlt-system-shell.c index 61b4b50..5a35593 100644 --- a/src/system/dlt-system-shell.c +++ b/src/system/dlt-system-shell.c @@ -55,18 +55,31 @@ #include <string.h> #include <stdlib.h> +#define DLT_SHELL_COMMAND_MAX_LENGTH 1024 + DLT_IMPORT_CONTEXT(dltsystem) DLT_DECLARE_CONTEXT(shellContext) int dlt_shell_injection_callback(uint32_t service_id, void *data, uint32_t length) { + (void) length; + DLT_LOG(shellContext,DLT_LOG_DEBUG, DLT_STRING("dlt-system-shell, injection callback")); - char text[1024]; + char text[DLT_SHELL_COMMAND_MAX_LENGTH]; int syserr = 0; - strncpy(text,data,length); - + if(length<DLT_SHELL_COMMAND_MAX_LENGTH-2) + { + strncpy(text,data,length); + text[length] = 0; + } + else + { + strncpy(text,data,DLT_SHELL_COMMAND_MAX_LENGTH-2); + text[DLT_SHELL_COMMAND_MAX_LENGTH-1] = 0; + } + DLT_LOG(shellContext,DLT_LOG_DEBUG, DLT_STRING("dlt-system-shell, injection injection id:"), DLT_UINT32(service_id)); |