Posted to commits@nuttx.apache.org by xi...@apache.org on 2020/01/08 12:43:51 UTC

[incubator-nuttx-apps] 04/04: system: readline: Improve security

This is an automated email from the ASF dual-hosted git repository.

xiaoxiang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-nuttx-apps.git

commit 967e7e29122d636ed00db0e4b1f046f267c276ab
Author: Alin Jerpelea <al...@sony.com>
AuthorDate: Tue Dec 31 14:47:28 2019 +0900

    system: readline: Improve security
---
 system/readline/readline_common.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/system/readline/readline_common.c b/system/readline/readline_common.c
index 92a98c5..21c9217 100644
--- a/system/readline/readline_common.c
+++ b/system/readline/readline_common.c
@@ -144,6 +144,7 @@ static int count_builtin_matches(FAR char *buf, FAR int *matches, int namelen)
  *   vtbl   - vtbl used to access implementation specific interface
  *   buf     - The user allocated buffer to be filled.
  *   buflen  - the size of the buffer.
+ *   nch     - the number of characters.
  *
  * Returned Value:
  *   None.
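Review bot: The added `nch` line in the header comment says only "the number of characters", which does not tell a reader what is being counted or that the value is passed by pointer. The signature in the next hunk takes `int *nch` and the caller passes `&nch`, so it looks like an in/out value. If the body, which is outside this hunk, confirms that, a wording such as `nch - On input, the number of characters already in buf; updated on return.` would be clearer.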
@@ -152,7 +153,7 @@ static int count_builtin_matches(FAR char *buf, FAR int *matches, int namelen)
 
 #ifdef CONFIG_READLINE_TABCOMPLETION
 static void tab_completion(FAR struct rl_common_s *vtbl, char *buf,
-                           int *nch)
+                           int buflen, int *nch)
 {
   FAR const char *name = NULL;
   char tmp_name[CONFIG_TASK_NAME_SIZE + 1];
@@ -271,7 +272,7 @@ static void tab_completion(FAR struct rl_common_s *vtbl, char *buf,
 
               if (tmp_name[0] == '\0')
                 {
-                  strcpy(tmp_name, name);
+                  strncpy(tmp_name, name, sizeof(tmp_name) - 1);
                 }
 
               RL_PUTC(vtbl, ' ');
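Review bot: `strncpy(tmp_name, name, sizeof(tmp_name) - 1)` writes no terminator when `name` has `sizeof(tmp_name) - 1` or more characters, so `tmp_name` is a valid string only if its last byte was already zero. The declaration `char tmp_name[CONFIG_TASK_NAME_SIZE + 1];` shown in the signature hunk has no initializer, and any clearing of the array happens outside the visible hunks. Adding `tmp_name[sizeof(tmp_name) - 1] = '\0';` right after the copy makes the bound self-contained, and the identical call in the following hunk needs the same line. The later `strlen(tmp_name)` and the copy into `buf` both depend on that terminator being present.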
@@ -306,7 +307,7 @@ static void tab_completion(FAR struct rl_common_s *vtbl, char *buf,
 
               if (tmp_name[0] == '\0')
                 {
-                  strcpy(tmp_name, name);
+                  strncpy(tmp_name, name, sizeof(tmp_name) - 1);
                 }
 
               RL_PUTC(vtbl, ' ');
@@ -329,7 +330,7 @@ static void tab_completion(FAR struct rl_common_s *vtbl, char *buf,
               RL_PUTC(vtbl, '\n');
             }
 #endif
-          strcpy(buf, tmp_name);
+          strncpy(buf, tmp_name, buflen - 1);
 
           name_len = strlen(tmp_name);
 
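Review bot: After `strncpy(buf, tmp_name, buflen - 1)` the caller's buffer is left unterminated whenever `tmp_name` holds `buflen - 1` or more characters, and `name_len = strlen(tmp_name)` on the next line still measures the untruncated source. If `name_len` is later stored through `nch` (that code is outside the hunk), the reported count could exceed what was actually copied into `buf`. Suggest adding `buf[buflen - 1] = '\0';` after the copy and taking the length from the destination with `name_len = strlen(buf);`. Because `buflen` is a signed `int`, `buflen - 1` becomes a very large `size_t` if a caller ever passes 0, so an early `if (buflen < 1) return;` is worth adding unless the callers already guarantee it.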
@@ -729,7 +730,7 @@ ssize_t readline_common(FAR struct rl_common_s *vtbl, FAR char *buf, int buflen)
 #ifdef CONFIG_READLINE_TABCOMPLETION
      else if (ch == '\t') /* Nghia - TAB character */
         {
-          tab_completion(vtbl, buf, &nch);
+          tab_completion(vtbl, buf, buflen, &nch);
         }
 #endif
     }