You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@mynewt.apache.org by GitBox <gi...@apache.org> on 2021/02/26 07:47:50 UTC

[GitHub] [mynewt-nimble] KKopyscinski commented on a change in pull request #924: btshell/cmd.c: make strcpy in parse_dev_addr memory safe

KKopyscinski commented on a change in pull request #924:
URL: https://github.com/apache/mynewt-nimble/pull/924#discussion_r583442831



##########
File path: apps/btshell/src/cmd.c
##########
@@ -99,7 +99,10 @@ parse_dev_addr(const char *prefix, const struct kv_pair *addr_types,
     char name[32];
     int rc;
 
-    /* XXX string operations below are not quite safe, but do we care? */
+    /* Make sure we're not copying/concatenating more than sizeof name  */
+    if (sizeof(prefix)+sizeof("addr")+sizeof("_type") > sizeof(name)) {

Review comment:
       fixed, let's just copy up to n valid characters, we know how many that is for the prefix (5). If prefix is wrong it'll return error later




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org