Good usage of strncat and strncpy

This change ensure that there are no write over the
destination buffer size

Change-Id: Ic213e70fab83dfae39a8ff030c823a6ce68aab64
Signed-off-by: Romain Forlot <romain.forlot@iot.bzh>

1 files changed, 8 insertions, 6 deletions

diff --git a/ctl-lib/ctl-config.c b/ctl-lib/ctl-config.c
index cac8c75..ce1e6fe 100644
--- a/ctl-lib/ctl-config.c
+++ b/ctl-lib/ctl-config.c
@@ -43,11 +43,13 @@ int CtlConfigMagicNew() {
 }
 
  json_object* CtlConfigScan(const char *dirList, const char *prefix) {
-    char controlFile [CONTROL_MAXPATH_LEN];
+    char controlFile[CONTROL_MAXPATH_LEN];
     const char *binderName = GetBinderName();
 
-    strncpy(controlFile, prefix, strlen(prefix)+1);
-    strncat(controlFile, binderName, strlen(binderName));
+    controlFile[CONTROL_MAXPATH_LEN - 1] = '\0';
+
+    strncpy(controlFile, prefix, CONTROL_MAXPATH_LEN - 1);
+    strncat(controlFile, binderName, CONTROL_MAXPATH_LEN - strlen(controlFile) - 1);
 
     // search for default dispatch config file
     json_object* responseJ = ScanForConfig(dirList, CTL_SCAN_RECURSIVE, controlFile, ".json");
@@ -69,9 +71,9 @@ char* ConfigSearch(AFB_ApiT apiHandle, json_object *responseJ) {
         }
 
         if (index == 0) {
-            strncpy(filepath, fullpath, strlen(fullpath)+1);
-            strncat(filepath, "/", strlen("/"));
-            strncat(filepath, filename, strlen(filename));
+            strncpy(filepath, fullpath, CONTROL_MAXPATH_LEN - 1);
+            strncat(filepath, "/", CONTROL_MAXPATH_LEN - strlen(filepath) - 1);
+            strncat(filepath, filename, CONTROL_MAXPATH_LEN - strlen(filepath) - 1);
         }
     }