[BlueZ,v2,4/4] settings: limit string size in gatt_db_load()

Message ID 20240709143503.12142-5-r.smirnov@omp.ru (mailing list archive)
State Accepted
Commit 4ca662fcea1604e937bde1bddd5de2c50bcb6e00
Series fix errors found by SVACE static analyzer #3

Checks

Context Check Description
tedd_an/pre-ci_am success Success
tedd_an/CheckPatch success CheckPatch PASS
tedd_an/GitLint success Gitlint PASS
tedd_an/IncrementalBuild success Incremental Build PASS

Commit Message

Roman Smirnov July 9, 2024, 2:35 p.m. UTC
It is necessary to prevent buffer overflow by limiting
the maximum string length.

Found with the SVACE static analysis tool.
---
 V1 -> V2: use "%36s[^:]" instead of calculating the string length
 src/settings.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Patch

diff --git a/src/settings.c b/src/settings.c
index 643a083db..371649395 100644
--- a/src/settings.c
+++ b/src/settings.c
@@ -232,7 +232,7 @@  static int gatt_db_load(struct gatt_db *db, GKeyFile *key_file, char **keys)
 		value = g_key_file_get_string(key_file, "Attributes", *handle,
 									NULL);
 
-		if (!value || sscanf(value, "%[^:]:", type) != 1) {
+		if (!value || sscanf(value, "%36[^:]:", type) != 1) {
 			g_free(value);
 			return -EIO;
 		}
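
Review bot: the width 36 in "%36[^:]:" is a bare constant with nothing tying it to the size of type, whose declaration is outside this hunk. A width of 36 lets sscanf store up to 36 characters plus the terminating NUL, so type must be at least 37 bytes. Please confirm that, and consider deriving the width from the same constant that sizes the buffer, or adding a comment beside the format string, so the two cannot drift apart.
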
@@ -255,7 +255,7 @@  static int gatt_db_load(struct gatt_db *db, GKeyFile *key_file, char **keys)
 		value = g_key_file_get_string(key_file, "Attributes", *handle,
 									NULL);
 
-		if (!value || sscanf(value, "%[^:]:", type) != 1) {
+		if (!value || sscanf(value, "%36[^:]:", type) != 1) {
 			g_free(value);
 			return -EIO;
 		}
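
Review bot: with the width limit in "%36[^:]:", a type field longer than 36 characters before the colon is truncated and still accepted. The conversion stores 36 characters, the literal ':' then fails to match, and sscanf still returns 1, so the != 1 check passes. If an over-long type should be rejected with -EIO like other malformed entries, verify that the colon was actually consumed, for example by appending %n to the format and checking that it was set. The same format string now appears at both call sites, so a small shared helper would keep them consistent.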