diff options
| author |   Romain Forlot <romain.forlot@iot.bzh> | 2018-05-17 00:26:01 +0200 |
|---|---|---|
| committer | Romain Forlot <romain.forlot@iot.bzh> | 2018-05-17 23:08:12 +0200 |
| commit | 71df9e17920283b8170bb65da98e279cb508e9b9 (patch) | |
| tree | 0e3e8a8df04125cf7be72ea9c0bcc8362cf19a22 /ctl-lib/ctl-lua.c | |
| parent | 77c5fe6240f08a55f61afc8d0ed48129bd8394d2 (diff) | |
Good usage of strncat and strncpy
This change ensure that there are no write over the
destination buffer size
Change-Id: Ic213e70fab83dfae39a8ff030c823a6ce68aab64
Signed-off-by: Romain Forlot <romain.forlot@iot.bzh>
Diffstat (limited to 'ctl-lib/ctl-lua.c')
| -rw-r--r-- | ctl-lib/ctl-lua.c | 18 |
1 files changed, 10 insertions, 8 deletions
diff --git a/ctl-lib/ctl-lua.c b/ctl-lib/ctl-lua.c index c2f2376..3abf330 100644 --- a/ctl-lib/ctl-lua.c +++ b/ctl-lib/ctl-lua.c @@ -745,6 +745,8 @@ static int LuaDoScript(json_object *queryJ, CtlSourceT *source) { json_object *argsJ = NULL; static json_object *luaScriptPathJ = NULL; + luaScriptPath[CONTROL_MAXPATH_LEN - 1] = '\0'; + if (!queryJ) { return -1; } @@ -761,9 +763,9 @@ static int LuaDoScript(json_object *queryJ, CtlSourceT *source) { // search for filename=script in CONTROL_LUA_PATH if (!luaScriptPathJ) { - strncpy(luaScriptPath, CONTROL_DOSCRIPT_PRE, strlen(CONTROL_DOSCRIPT_PRE) + 1); - strncat(luaScriptPath, "-", strlen("-")); - strncat(luaScriptPath, uid, strlen(uid)); + strncpy(luaScriptPath, CONTROL_DOSCRIPT_PRE, CONTROL_MAXPATH_LEN - 1); + strncat(luaScriptPath, "-", CONTROL_MAXPATH_LEN - strlen(luaScriptPath) - 1); + strncat(luaScriptPath, uid, CONTROL_MAXPATH_LEN - strlen(luaScriptPath) - 1); luaScriptPathJ = ScanForConfig(luaScriptPath, CTL_SCAN_RECURSIVE, luaScriptPath, ".lua"); } @@ -778,9 +780,9 @@ static int LuaDoScript(json_object *queryJ, CtlSourceT *source) { // Ignoring other found script. Only take the first one. if (!index) { - strncpy(luaScriptPath, fullpath, strlen(fullpath) + 1); - strncat(luaScriptPath, "/", strlen("/")); - strncat(luaScriptPath, filename, strlen(filename)); + strncpy(luaScriptPath, fullpath, CONTROL_MAXPATH_LEN - 1); + strncat(luaScriptPath, "/", CONTROL_MAXPATH_LEN - strlen(luaScriptPath) - 1); + strncat(luaScriptPath, filename, CONTROL_MAXPATH_LEN - strlen(luaScriptPath) - 1); } } @@ -792,8 +794,8 @@ static int LuaDoScript(json_object *queryJ, CtlSourceT *source) { // if no func name given try to deduct from filename if (!func && (func = (char*) GetMidleName(filename)) != NULL) { - strncpy(luaScriptPath, "_", strlen("_") + 1); - strncat(luaScriptPath, func, strlen(func)); + strncpy(luaScriptPath, "_", CONTROL_MAXPATH_LEN - 1); + strncat(luaScriptPath, func, CONTROL_MAXPATH_LEN - strlen(luaScriptPath) - 1); func = luaScriptPath; } if (!func) { |