You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@mynewt.apache.org by GitBox <gi...@apache.org> on 2021/02/26 09:49:06 UTC

[GitHub] [mynewt-nimble] andrzej-kaczmarek commented on a change in pull request #924: btshell/cmd.c: make strcpy in parse_dev_addr memory safe

andrzej-kaczmarek commented on a change in pull request #924:
URL: https://github.com/apache/mynewt-nimble/pull/924#discussion_r583513787



##########
File path: apps/btshell/src/cmd.c
##########
@@ -99,12 +99,11 @@ parse_dev_addr(const char *prefix, const struct kv_pair *addr_types,
     char name[32];
     int rc;
 
-    /* XXX string operations below are not quite safe, but do we care? */
-
+    /* Valid prefixes are peer_, own_, or null. Let's copy up to 5 characters */
     if (!prefix) {
         name[0] = '\0';
     } else {
-        strcpy(name, prefix);
+        strncpy(name, prefix, 5);

Review comment:
       strncpy will not null terminate name if prefix is longer than 5 characters




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org