diff options
| author | Anderson Lizardo <anderson.lizardo@openbossa.org> | 2014-01-03 21:55:17 -0400 |
|---|---|---|
| committer | Johan Hedberg <johan.hedberg@intel.com> | 2014-01-06 21:20:23 +0200 |
| commit | 76f3c751ed11e05271a459c349603142821a992d (patch) | |
| tree | eb27d15f1020a300efb8376e7102b2e9003f3560 /tools/hciconfig.c | |
| parent | 2b35d9555024ef4b92d51358c20bb972bb29bb12 (diff) | |
| download | bluez-76f3c751ed11e05271a459c349603142821a992d.tar.gz | |
tools: Fix strncat() usage in hciconfig/hcitool
According to strncat() manpage:
"If src contains n or more characters, strncat() writes n+1 characters
to dest (n from src plus the terminating null byte). Therefore, the
size of dest must be at least strlen(dest)+n+1"
While the current usage of strncat() cannot cause an overflow, if a
bigger string is added to the switch()'s without increasing the static
buffer, it would overflow by one byte due to the incorrect size
calculation.
Fixes clang errors like:
tools/hciconfig.c:827:33: error: the value of the size argument in
'strncat' is too large, might lead to a buffer overflow
[-Werror,-Wstrncat-size]
Diffstat (limited to 'tools/hciconfig.c')
| -rw-r--r-- | tools/hciconfig.c | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/tools/hciconfig.c b/tools/hciconfig.c index fe451677b..6c7f8edea 100644 --- a/tools/hciconfig.c +++ b/tools/hciconfig.c @@ -824,25 +824,32 @@ static char *get_minor_device_name(int major, int minor) case 0: break; case 1: - strncat(cls_str, "Joystick", sizeof(cls_str) - strlen(cls_str)); + strncat(cls_str, "Joystick", + sizeof(cls_str) - strlen(cls_str) - 1); break; case 2: - strncat(cls_str, "Gamepad", sizeof(cls_str) - strlen(cls_str)); + strncat(cls_str, "Gamepad", + sizeof(cls_str) - strlen(cls_str) - 1); break; case 3: - strncat(cls_str, "Remote control", sizeof(cls_str) - strlen(cls_str)); + strncat(cls_str, "Remote control", + sizeof(cls_str) - strlen(cls_str) - 1); break; case 4: - strncat(cls_str, "Sensing device", sizeof(cls_str) - strlen(cls_str)); + strncat(cls_str, "Sensing device", + sizeof(cls_str) - strlen(cls_str) - 1); break; case 5: - strncat(cls_str, "Digitizer tablet", sizeof(cls_str) - strlen(cls_str)); + strncat(cls_str, "Digitizer tablet", + sizeof(cls_str) - strlen(cls_str) - 1); break; case 6: - strncat(cls_str, "Card reader", sizeof(cls_str) - strlen(cls_str)); + strncat(cls_str, "Card reader", + sizeof(cls_str) - strlen(cls_str) - 1); break; default: - strncat(cls_str, "(reserved)", sizeof(cls_str) - strlen(cls_str)); + strncat(cls_str, "(reserved)", + sizeof(cls_str) - strlen(cls_str) - 1); break; } if (strlen(cls_str) > 0) |