From c6a14c5fe72ead31c3bc869e6cf93ea2e8331121 Mon Sep 17 00:00:00 2001 From: Theo Arends <11044339+arendst@users.noreply.github.com> Date: Sun, 2 Sep 2018 11:52:24 +0200 Subject: [PATCH] Fix possible exception Fix possible exception due to buffer overflow (#3659) --- sonoff/_changelog.ino | 1 + sonoff/sonoff.ino | 2 +- sonoff/support.ino | 4 ++-- sonoff/xdrv_02_webserver.ino | 4 ++-- sonoff/xdsp_01_lcd.ino | 2 +- sonoff/xsns_01_counter.ino | 2 +- sonoff/xsns_05_ds18x20_legacy.ino | 2 +- sonoff/xsns_12_ads1115.ino | 2 +- sonoff/xsns_12_ads1115_i2cdev.ino | 2 +- 9 files changed, 11 insertions(+), 10 deletions(-) diff --git a/sonoff/_changelog.ino b/sonoff/_changelog.ino index 8b5af65ce..c3d1e4c6a 100644 --- a/sonoff/_changelog.ino +++ b/sonoff/_changelog.ino @@ -1,5 +1,6 @@ /* 6.2.0.1 20180902 * Fix possible ambiguity on command parameters if StateText contains numbers only (#3656) + * Fix possible exception due to buffer overflow (#3659) * * 6.2.0 20180901 * Allow user override of define MAX_RULE_VARS and MAX_RULE_TIMERS (#3561) diff --git a/sonoff/sonoff.ino b/sonoff/sonoff.ino index 254f88184..93ffbda01 100755 --- a/sonoff/sonoff.ino +++ b/sonoff/sonoff.ino @@ -442,7 +442,7 @@ void MqttDataHandler(char* topic, byte* data, unsigned int data_len) ShowFreeMem(PSTR("MqttDataHandler")); - strncpy(topicBuf, topic, sizeof(topicBuf)); + strlcpy(topicBuf, topic, sizeof(topicBuf)); for (i = 0; i < data_len; i++) { if (!isspace(data[i])) break; } diff --git a/sonoff/support.ino b/sonoff/support.ino index eed4146c2..8aaeabf88 100644 --- a/sonoff/support.ino +++ b/sonoff/support.ino @@ -143,7 +143,7 @@ char* subStr(char* dest, char* str, const char *delim, int index) int i; // Since strtok consumes the first arg, make a copy - strncpy(dest, str, strlen(str)); + strlcpy(dest, str, strlen(str)); for (i = 1, act = dest; i <= index; i++, act = NULL) { sub = strtok_r(act, delim, &ptr); if (sub == NULL) break; @@ -157,7 +157,7 @@ double CharToDouble(char *str) // simple ascii to double, because atof or strtod are too large char strbuf[24]; - strcpy(strbuf, str); + strlcpy(strbuf, str, sizeof(strbuf)); char *pt; double left = atoi(strbuf); double right = 0; diff --git a/sonoff/xdrv_02_webserver.ino b/sonoff/xdrv_02_webserver.ino index c919c8f43..91c01eeae 100644 --- a/sonoff/xdrv_02_webserver.ino +++ b/sonoff/xdrv_02_webserver.ino @@ -372,8 +372,8 @@ long ajax_token = 1; static void WebGetArg(const char* arg, char* out, size_t max) { String s = WebServer->arg(arg); - strncpy(out, s.c_str(), max); - out[max-1] = '\0'; // Ensure terminating NUL + strlcpy(out, s.c_str(), max); +// out[max-1] = '\0'; // Ensure terminating NUL } void ShowWebSource(int source) diff --git a/sonoff/xdsp_01_lcd.ino b/sonoff/xdsp_01_lcd.ino index 9d4a5d396..bfc0b3536 100644 --- a/sonoff/xdsp_01_lcd.ino +++ b/sonoff/xdsp_01_lcd.ino @@ -107,7 +107,7 @@ void LcdCenter(byte row, char* txt) line[Settings.display_cols[0]] = 0; len = strlen(txt); offset = (len < Settings.display_cols[0]) ? offset = (Settings.display_cols[0] - len) / 2 : 0; - strncpy(line +offset, txt, len); + strlcpy(line +offset, txt, len); lcd->setCursor(0, row); lcd->print(line); } diff --git a/sonoff/xsns_01_counter.ino b/sonoff/xsns_01_counter.ino index 069d5b3e7..b5822cac7 100644 --- a/sonoff/xsns_01_counter.ino +++ b/sonoff/xsns_01_counter.ino @@ -111,7 +111,7 @@ void CounterShow(boolean json) } header++; snprintf_P(mqtt_data, sizeof(mqtt_data), PSTR("%s%s\"C%d\":%s"), mqtt_data, stemp, i +1, counter); - strcpy(stemp, ","); + strlcpy(stemp, ",", sizeof(stemp)); #ifdef USE_DOMOTICZ if ((0 == tele_period) && (1 == dsxflg)) { DomoticzSensor(DZ_COUNT, RtcSettings.pulse_counter[i]); diff --git a/sonoff/xsns_05_ds18x20_legacy.ino b/sonoff/xsns_05_ds18x20_legacy.ino index 156312104..03754bbe1 100644 --- a/sonoff/xsns_05_ds18x20_legacy.ino +++ b/sonoff/xsns_05_ds18x20_legacy.ino @@ -186,7 +186,7 @@ void Ds18x20Show(boolean json) dsxflg++; snprintf_P(mqtt_data, sizeof(mqtt_data), PSTR("%s%s\"DS%d\":{\"" D_JSON_TYPE "\":\"%s\",\"" D_JSON_ADDRESS "\":\"%s\",\"" D_JSON_TEMPERATURE "\":%s}"), mqtt_data, stemp, i +1, ds18x20_types, Ds18x20Addresses(i).c_str(), temperature); - strcpy(stemp, ","); + strlcpy(stemp, ",", sizeof(stemp)); #ifdef USE_DOMOTICZ if ((0 == tele_period) && (1 == dsxflg)) { DomoticzSensor(DZ_TEMP, temperature); diff --git a/sonoff/xsns_12_ads1115.ino b/sonoff/xsns_12_ads1115.ino index f1279a732..bcfb6dfad 100644 --- a/sonoff/xsns_12_ads1115.ino +++ b/sonoff/xsns_12_ads1115.ino @@ -191,7 +191,7 @@ void Ads1115Show(boolean json) } dsxflg++; snprintf_P(mqtt_data, sizeof(mqtt_data), PSTR("%s%s\"A%d\":%d"), mqtt_data, stemp, i, adc_value); - strcpy(stemp, ","); + strlcpy(stemp, ",", sizeof(stemp)); #ifdef USE_WEBSERVER } else { snprintf_P(mqtt_data, sizeof(mqtt_data), HTTP_SNS_ANALOG, mqtt_data, "ADS1115", i, adc_value); diff --git a/sonoff/xsns_12_ads1115_i2cdev.ino b/sonoff/xsns_12_ads1115_i2cdev.ino index d3748ec7a..588a37ac5 100644 --- a/sonoff/xsns_12_ads1115_i2cdev.ino +++ b/sonoff/xsns_12_ads1115_i2cdev.ino @@ -111,7 +111,7 @@ void Ads1115Show(boolean json) } dsxflg++; snprintf_P(mqtt_data, sizeof(mqtt_data), PSTR("%s%s\"A%d\":%d"), mqtt_data, stemp, i, adc_value); - strcpy(stemp, ","); + strlcpy(stemp, ",", sizeof(stemp)); #ifdef USE_WEBSERVER } else { snprintf_P(mqtt_data, sizeof(mqtt_data), HTTP_SNS_ANALOG, mqtt_data, "ADS1115", i, adc_value);