Fix possible exception

Fix possible exception due to buffer overflow (#3659)
This commit is contained in:
Theo Arends 2018-09-02 11:52:24 +02:00
parent 48b5f9117a
commit c6a14c5fe7
9 changed files with 11 additions and 10 deletions

View File

@ -1,5 +1,6 @@
/* 6.2.0.1 20180902 /* 6.2.0.1 20180902
* Fix possible ambiguity on command parameters if StateText contains numbers only (#3656) * Fix possible ambiguity on command parameters if StateText contains numbers only (#3656)
* Fix possible exception due to buffer overflow (#3659)
* *
* 6.2.0 20180901 * 6.2.0 20180901
* Allow user override of define MAX_RULE_VARS and MAX_RULE_TIMERS (#3561) * Allow user override of define MAX_RULE_VARS and MAX_RULE_TIMERS (#3561)

View File

@ -442,7 +442,7 @@ void MqttDataHandler(char* topic, byte* data, unsigned int data_len)
ShowFreeMem(PSTR("MqttDataHandler")); ShowFreeMem(PSTR("MqttDataHandler"));
strncpy(topicBuf, topic, sizeof(topicBuf)); strlcpy(topicBuf, topic, sizeof(topicBuf));
for (i = 0; i < data_len; i++) { for (i = 0; i < data_len; i++) {
if (!isspace(data[i])) break; if (!isspace(data[i])) break;
} }

View File

@ -143,7 +143,7 @@ char* subStr(char* dest, char* str, const char *delim, int index)
int i; int i;
// Since strtok consumes the first arg, make a copy // Since strtok consumes the first arg, make a copy
strncpy(dest, str, strlen(str)); strlcpy(dest, str, strlen(str));
for (i = 1, act = dest; i <= index; i++, act = NULL) { for (i = 1, act = dest; i <= index; i++, act = NULL) {
sub = strtok_r(act, delim, &ptr); sub = strtok_r(act, delim, &ptr);
if (sub == NULL) break; if (sub == NULL) break;
@ -157,7 +157,7 @@ double CharToDouble(char *str)
// simple ascii to double, because atof or strtod are too large // simple ascii to double, because atof or strtod are too large
char strbuf[24]; char strbuf[24];
strcpy(strbuf, str); strlcpy(strbuf, str, sizeof(strbuf));
char *pt; char *pt;
double left = atoi(strbuf); double left = atoi(strbuf);
double right = 0; double right = 0;

View File

@ -372,8 +372,8 @@ long ajax_token = 1;
static void WebGetArg(const char* arg, char* out, size_t max) static void WebGetArg(const char* arg, char* out, size_t max)
{ {
String s = WebServer->arg(arg); String s = WebServer->arg(arg);
strncpy(out, s.c_str(), max); strlcpy(out, s.c_str(), max);
out[max-1] = '\0'; // Ensure terminating NUL // out[max-1] = '\0'; // Ensure terminating NUL
} }
void ShowWebSource(int source) void ShowWebSource(int source)

View File

@ -107,7 +107,7 @@ void LcdCenter(byte row, char* txt)
line[Settings.display_cols[0]] = 0; line[Settings.display_cols[0]] = 0;
len = strlen(txt); len = strlen(txt);
offset = (len < Settings.display_cols[0]) ? offset = (Settings.display_cols[0] - len) / 2 : 0; offset = (len < Settings.display_cols[0]) ? offset = (Settings.display_cols[0] - len) / 2 : 0;
strncpy(line +offset, txt, len); strlcpy(line +offset, txt, len);
lcd->setCursor(0, row); lcd->setCursor(0, row);
lcd->print(line); lcd->print(line);
} }

View File

@ -111,7 +111,7 @@ void CounterShow(boolean json)
} }
header++; header++;
snprintf_P(mqtt_data, sizeof(mqtt_data), PSTR("%s%s\"C%d\":%s"), mqtt_data, stemp, i +1, counter); snprintf_P(mqtt_data, sizeof(mqtt_data), PSTR("%s%s\"C%d\":%s"), mqtt_data, stemp, i +1, counter);
strcpy(stemp, ","); strlcpy(stemp, ",", sizeof(stemp));
#ifdef USE_DOMOTICZ #ifdef USE_DOMOTICZ
if ((0 == tele_period) && (1 == dsxflg)) { if ((0 == tele_period) && (1 == dsxflg)) {
DomoticzSensor(DZ_COUNT, RtcSettings.pulse_counter[i]); DomoticzSensor(DZ_COUNT, RtcSettings.pulse_counter[i]);

View File

@ -186,7 +186,7 @@ void Ds18x20Show(boolean json)
dsxflg++; dsxflg++;
snprintf_P(mqtt_data, sizeof(mqtt_data), PSTR("%s%s\"DS%d\":{\"" D_JSON_TYPE "\":\"%s\",\"" D_JSON_ADDRESS "\":\"%s\",\"" D_JSON_TEMPERATURE "\":%s}"), snprintf_P(mqtt_data, sizeof(mqtt_data), PSTR("%s%s\"DS%d\":{\"" D_JSON_TYPE "\":\"%s\",\"" D_JSON_ADDRESS "\":\"%s\",\"" D_JSON_TEMPERATURE "\":%s}"),
mqtt_data, stemp, i +1, ds18x20_types, Ds18x20Addresses(i).c_str(), temperature); mqtt_data, stemp, i +1, ds18x20_types, Ds18x20Addresses(i).c_str(), temperature);
strcpy(stemp, ","); strlcpy(stemp, ",", sizeof(stemp));
#ifdef USE_DOMOTICZ #ifdef USE_DOMOTICZ
if ((0 == tele_period) && (1 == dsxflg)) { if ((0 == tele_period) && (1 == dsxflg)) {
DomoticzSensor(DZ_TEMP, temperature); DomoticzSensor(DZ_TEMP, temperature);

View File

@ -191,7 +191,7 @@ void Ads1115Show(boolean json)
} }
dsxflg++; dsxflg++;
snprintf_P(mqtt_data, sizeof(mqtt_data), PSTR("%s%s\"A%d\":%d"), mqtt_data, stemp, i, adc_value); snprintf_P(mqtt_data, sizeof(mqtt_data), PSTR("%s%s\"A%d\":%d"), mqtt_data, stemp, i, adc_value);
strcpy(stemp, ","); strlcpy(stemp, ",", sizeof(stemp));
#ifdef USE_WEBSERVER #ifdef USE_WEBSERVER
} else { } else {
snprintf_P(mqtt_data, sizeof(mqtt_data), HTTP_SNS_ANALOG, mqtt_data, "ADS1115", i, adc_value); snprintf_P(mqtt_data, sizeof(mqtt_data), HTTP_SNS_ANALOG, mqtt_data, "ADS1115", i, adc_value);

View File

@ -111,7 +111,7 @@ void Ads1115Show(boolean json)
} }
dsxflg++; dsxflg++;
snprintf_P(mqtt_data, sizeof(mqtt_data), PSTR("%s%s\"A%d\":%d"), mqtt_data, stemp, i, adc_value); snprintf_P(mqtt_data, sizeof(mqtt_data), PSTR("%s%s\"A%d\":%d"), mqtt_data, stemp, i, adc_value);
strcpy(stemp, ","); strlcpy(stemp, ",", sizeof(stemp));
#ifdef USE_WEBSERVER #ifdef USE_WEBSERVER
} else { } else {
snprintf_P(mqtt_data, sizeof(mqtt_data), HTTP_SNS_ANALOG, mqtt_data, "ADS1115", i, adc_value); snprintf_P(mqtt_data, sizeof(mqtt_data), HTTP_SNS_ANALOG, mqtt_data, "ADS1115", i, adc_value);