[PATCH 06/12] Cleanup: ensure string is 0 terminated

Dirk Hohndel dirk at hohndel.org
Thu Jan 4 08:50:21 PST 2018 

The Linux kernel uses the sir_name as a standard C string (in one
instance copying it into a 60 char buffer using kstrncpy with a length
limit of 60), we therefore need to ensure that it is 0 terminated.

Since the existing code didn't notify the caller if we were truncating
the string at 25 characters, I didn't add such a warning/error for
truncating at 24 characters.

I was not able to find documentation on how Windows uses irdaServiceName
but since this is implementing the same standard, the same change was
made to the Windows code.

In both cases I replaced the hardcoded length of 25 with a sizeof()
argument (but both Linux and Windows hard code that length in their
headers, so it seems unlikely this would ever change).

Coverity CID 207790

Signed-off-by: Dirk Hohndel <dirk at hohndel.org>
---
 src/irda.c | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/src/irda.c b/src/irda.c
index 149808aaa5c2..972c1255bc45 100644
--- a/src/irda.c
+++ b/src/irda.c
@@ -221,18 +221,22 @@ dc_irda_connect_name (dc_iostream_t *abstract, unsigned int address, const char
 	peer.irdaDeviceID[1] = (address >>  8) & 0xFF;
 	peer.irdaDeviceID[2] = (address >> 16) & 0xFF;
 	peer.irdaDeviceID[3] = (address >> 24) & 0xFF;
-    if (name)
-		strncpy (peer.irdaServiceName, name, 25);
-	else
-		memset (peer.irdaServiceName, 0x00, 25);
+	if (name) {
+		strncpy (peer.irdaServiceName, name, sizeof(peer.irdaServiceName) - 1);
+		peer.irdaServiceName[sizeof(peer.irdaServiceName) - 1] = '\0';
+	} else {
+		memset (peer.irdaServiceName, 0x00, sizeof(peer.irdaServiceName));
+	}
 #else
 	struct sockaddr_irda peer;
 	peer.sir_family = AF_IRDA;
 	peer.sir_addr = address;
-	if (name)
-		strncpy (peer.sir_name, name, 25);
-	else
-		memset (peer.sir_name, 0x00, 25);
+	if (name) {
+		strncpy (peer.sir_name, name, sizeof(peer.sir_name) - 1);
+		peer.sir_name[sizeof(peer.sir_name) - 1] = '\0';
+	} else {
+		memset (peer.sir_name, 0x00, sizeof(peer.sir_name));
+	}
 #endif
 
 	return dc_socket_connect (&device->base, (struct sockaddr *) &peer, sizeof (peer));
-- 
2.15.1

More information about the devel mailing list