diff options
| author | Johan Hedberg <johan.hedberg@nokia.com> | 2009-02-25 17:48:40 +0200 |
|---|---|---|
| committer | Johan Hedberg <johan.hedberg@nokia.com> | 2009-02-25 17:48:40 +0200 |
| commit | 1c195ab280da561f38e54449e4eb3d6882c69b3b (patch) | |
| tree | 12583570730c9e5a1505416aa445666aa1449f6b | |
| parent | d7aa6d1b2d6f3fc48b8287ea04c741078b22f2da (diff) | |
Fix strncpy length parameters to avoid non-nul-terminated strings
| -rw-r--r-- | compat/fakehid.c | 2 | ||||
| -rw-r--r-- | compat/sdp.c | 4 | ||||
| -rw-r--r-- | input/device.c | 4 | ||||
| -rw-r--r-- | network/bridge.c | 2 | ||||
| -rw-r--r-- | network/common.c | 4 | ||||
| -rw-r--r-- | network/connection.c | 4 | ||||
| -rw-r--r-- | network/server.c | 2 | ||||
| -rw-r--r-- | src/main.c | 3 | ||||
| -rw-r--r-- | test/hciemu.c | 3 |
9 files changed, 15 insertions, 13 deletions
diff --git a/compat/fakehid.c b/compat/fakehid.c index bed05c36..438185d3 100644 --- a/compat/fakehid.c +++ b/compat/fakehid.c @@ -97,7 +97,7 @@ static int uinput_create(char *name, int keyboard, int mouse) memset(&dev, 0, sizeof(dev)); if (name) - strncpy(dev.name, name, UINPUT_MAX_NAME_SIZE); + strncpy(dev.name, name, UINPUT_MAX_NAME_SIZE - 1); dev.id.bustype = BUS_BLUETOOTH; dev.id.vendor = 0x0000; diff --git a/compat/sdp.c b/compat/sdp.c index bb188f6a..d411c05f 100644 --- a/compat/sdp.c +++ b/compat/sdp.c @@ -259,11 +259,11 @@ int get_sdp_device_info(const bdaddr_t *src, const bdaddr_t *dst, struct hidp_co strncat(req->name, pdlist->val.str, sizeof(req->name) - strlen(req->name)); } else - strncpy(req->name, pdlist->val.str, sizeof(req->name)); + strncpy(req->name, pdlist->val.str, sizeof(req->name) - 1); } else { pdlist2 = sdp_data_get(rec, 0x0100); if (pdlist2) - strncpy(req->name, pdlist2->val.str, sizeof(req->name)); + strncpy(req->name, pdlist2->val.str, sizeof(req->name) - 1); } pdlist = sdp_data_get(rec, 0x0201); diff --git a/input/device.c b/input/device.c index a41df177..0090bd4b 100644 --- a/input/device.c +++ b/input/device.c @@ -177,7 +177,7 @@ static int uinput_create(char *name) memset(&dev, 0, sizeof(dev)); if (name) - strncpy(dev.name, name, UINPUT_MAX_NAME_SIZE); + strncpy(dev.name, name, UINPUT_MAX_NAME_SIZE - 1); dev.id.bustype = BUS_BLUETOOTH; dev.id.vendor = 0x0000; @@ -635,7 +635,7 @@ static int hidp_add_connection(const struct input_device *idev, } if (idev->name) - strncpy(req->name, idev->name, 128); + strncpy(req->name, idev->name, sizeof(req->name) - 1); /* Encryption is mandatory for keyboards */ if (req->subclass & 0x40) { diff --git a/network/bridge.c b/network/bridge.c index 7d84349e..995da5c9 100644 --- a/network/bridge.c +++ b/network/bridge.c @@ -120,7 +120,7 @@ int bridge_add_interface(int id, const char *dev) return -ENODEV; memset(&ifr, 0, sizeof(ifr)); - strncpy(ifr.ifr_name, name, IFNAMSIZ); + strncpy(ifr.ifr_name, name, IFNAMSIZ - 1); ifr.ifr_ifindex = ifindex; err = ioctl(bridge_socket, SIOCBRADDIF, &ifr); diff --git a/network/common.c b/network/common.c index 371d74bf..f8967afd 100644 --- a/network/common.c +++ b/network/common.c @@ -262,7 +262,7 @@ int bnep_if_up(const char *devname, uint16_t id) sd = socket(AF_INET6, SOCK_DGRAM, 0); memset(&ifr, 0, sizeof(ifr)); - strncpy(ifr.ifr_name, devname, IF_NAMESIZE); + strncpy(ifr.ifr_name, devname, IF_NAMESIZE - 1); ifr.ifr_flags |= IFF_UP; ifr.ifr_flags |= IFF_MULTICAST; @@ -352,7 +352,7 @@ int bnep_if_down(const char *devname) done: sd = socket(AF_INET6, SOCK_DGRAM, 0); memset(&ifr, 0, sizeof(ifr)); - strncpy(ifr.ifr_name, devname, IF_NAMESIZE); + strncpy(ifr.ifr_name, devname, IF_NAMESIZE - 1); ifr.ifr_flags &= ~IFF_UP; diff --git a/network/connection.c b/network/connection.c index bc693aba..843a57a7 100644 --- a/network/connection.c +++ b/network/connection.c @@ -169,7 +169,7 @@ static gboolean bnep_watchdog_cb(GIOChannel *chan, GIOCondition cond, bnep_if_down(nc->dev); nc->state = DISCONNECTED; memset(nc->dev, 0, 16); - strncpy(nc->dev, prefix, strlen(prefix)); + strncpy(nc->dev, prefix, sizeof(nc->dev) - 1); g_io_channel_shutdown(chan, TRUE, NULL); return FALSE; @@ -625,7 +625,7 @@ int connection_register(const char *path, bdaddr_t *src, bdaddr_t *dst, nc = g_new0(struct network_conn, 1); nc->id = id; memset(nc->dev, 0, 16); - strncpy(nc->dev, prefix, strlen(prefix)); + strncpy(nc->dev, prefix, sizeof(nc->dev) - 1); nc->state = DISCONNECTED; nc->peer = peer; diff --git a/network/server.c b/network/server.c index af1a8664..77a1f4b8 100644 --- a/network/server.c +++ b/network/server.c @@ -283,7 +283,7 @@ static int server_connadd(struct network_server *ns, return -EPERM; memset(devname, 0, 16); - strncpy(devname, prefix, strlen(prefix)); + strncpy(devname, prefix, sizeof(devname) - 1); nsk = g_io_channel_unix_get_fd(session->io); err = bnep_connadd(nsk, dst_role, devname); @@ -189,7 +189,8 @@ static void parse_config(GKeyFile *config) g_clear_error(&err); } else { debug("deviceid=%s", str); - strncpy(main_opts.deviceid, str, sizeof(main_opts.deviceid)); + strncpy(main_opts.deviceid, str, + sizeof(main_opts.deviceid) - 1); g_free(str); } diff --git a/test/hciemu.c b/test/hciemu.c index 43cec1ed..9f651bc4 100644 --- a/test/hciemu.c +++ b/test/hciemu.c @@ -1314,7 +1314,8 @@ int main(int argc, char *argv[]) vdev.features[7] = 0x80; memset(vdev.name, 0, sizeof(vdev.name)); - strncpy((char *) vdev.name, "BlueZ (Virtual HCI)", sizeof(vdev.name)); + strncpy((char *) vdev.name, "BlueZ (Virtual HCI)", + sizeof(vdev.name) - 1); vdev.dev_class[0] = 0x00; vdev.dev_class[1] = 0x00; |