diff mbox series

[BlueZ,v2,3/4] settings: limit string size in load_service()

Message ID 20240709143503.12142-4-r.smirnov@omp.ru (mailing list archive)
State Accepted
Commit 755091581336dd6b6a710e599da9e1e52037851a
Headers show
Series fix errors found by SVACE static analyzer #3 | expand

Checks

Context Check Description
tedd_an/pre-ci_am success Success
tedd_an/CheckPatch success CheckPatch PASS
tedd_an/GitLint success Gitlint PASS
tedd_an/IncrementalBuild success Incremental Build PASS

Commit Message

Roman Smirnov July 9, 2024, 2:35 p.m. UTC 
It is necessary to prevent buffer overflow by limiting
the maximum string length.

Found with the SVACE static analysis tool.
---
 V1 -> V2: use "%36s[^:]" instead of calculating the string length
 src/settings.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/src/settings.c b/src/settings.c
index b61e694f1..643a083db 100644
--- a/src/settings.c
+++ b/src/settings.c
@@ -193,7 +193,7 @@  static int load_service(struct gatt_db *db, char *handle, char *value)
 		return -EIO;
 	}
 
-	if (sscanf(value, "%[^:]:%04hx:%36s", type, &end, uuid_str) != 3) {
+	if (sscanf(value, "%36[^:]:%04hx:%36s", type, &end, uuid_str) != 3) {
 		DBG("Failed to parse value: %s", value);
 		return -EIO;
 	}