[Qemu-devel] [PATCHv2 12/22] bt: replace fragile snprintf use and unwarr
From: Jim Meyering
Subject: [Qemu-devel] [PATCHv2 12/22] bt: replace fragile snprintf use and unwarranted strncpy
Date: Wed, 30 May 2012 09:46:31 +0200
From: Jim Meyering <address@hidden>
In bt_hci_name_req a failed snprintf could return len larger than
sizeof(params.name), which means the following memset call would
have a "length" value of (size_t)-1, -2, etc... Sounds scary.
But currently, one can deduce that there is no problem:
strlen(slave->lmp_name) is guaranteed to be smaller than
CHANGE_LOCAL_NAME_CP_SIZE, which is the same as sizeof(params.name),
so this cannot happen. Regardless, there is no justification for
using snprintf+memset. Use pstrcpy instead.
Also, in bt_hci_event_complete_read_local_name, use pstrcpy in place
of unwarranted strncpy.
Signed-off-by: Jim Meyering <address@hidden>
---
hw/bt-hci.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/hw/bt-hci.c b/hw/bt-hci.c
index a3a7fb4..47f9a4e 100644
--- a/hw/bt-hci.c
+++ b/hw/bt-hci.c
@@ -943,7 +943,6 @@ static int bt_hci_name_req(struct bt_hci_s *hci, bdaddr_t
*bdaddr)
{
struct bt_device_s *slave;
evt_remote_name_req_complete params;
- int len;
for (slave = hci->device.net->slave; slave; slave = slave->next)
if (slave->page_scan && !bacmp(&slave->bd_addr, bdaddr))
@@ -955,9 +954,7 @@ static int bt_hci_name_req(struct bt_hci_s *hci, bdaddr_t
*bdaddr)
params.status = HCI_SUCCESS;
bacpy(¶ms.bdaddr, &slave->bd_addr);
- len = snprintf(params.name, sizeof(params.name),
- "%s", slave->lmp_name ?: "");
- memset(params.name + len, 0, sizeof(params.name) - len);
+ pstrcpy(params.name, sizeof(params.name), slave->lmp_name ?: "");
bt_hci_event(hci, EVT_REMOTE_NAME_REQ_COMPLETE,
¶ms, EVT_REMOTE_NAME_REQ_COMPLETE_SIZE);
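Review bot: Dropping the memset at the new pstrcpy line in bt_hci_name_req leaves the bytes of params.name after the terminator unset. pstrcpy writes the string and a single NUL and does not touch the rest of the buffer, while params is a local variable whose address goes to bt_hci_event with EVT_REMOTE_NAME_REQ_COMPLETE_SIZE. Unless params is cleared somewhere outside the lines shown, the event would then carry uninitialized stack bytes after the name. Suggest adding `memset(params.name, 0, sizeof(params.name));` before the pstrcpy, the same pattern bt_hci_event_complete_read_local_name uses.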
@@ -1388,7 +1385,7 @@ static inline void
bt_hci_event_complete_read_local_name(struct bt_hci_s *hci)
params.status = HCI_SUCCESS;
memset(params.name, 0, sizeof(params.name));
if (hci->device.lmp_name)
- strncpy(params.name, hci->device.lmp_name, sizeof(params.name));
+ pstrcpy(params.name, sizeof(params.name), hci->device.lmp_name);
bt_hci_event_complete(hci, ¶ms, READ_LOCAL_NAME_RP_SIZE);
}
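Review bot: The pstrcpy replacement in bt_hci_event_complete_read_local_name lowers the copy limit from sizeof(params.name) bytes to sizeof(params.name) - 1, so a hci->device.lmp_name of exactly sizeof(params.name) characters would now lose its last byte. The commit message states the length bound only for slave->lmp_name; say whether the same bound holds for hci->device.lmp_name, or note that the truncation is intended. The memset just above keeps the tail zeroed, so padding is not a concern in this hunk.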
--
1.7.10.2.605.gbefc5ed
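
The length arithmetic described in the commit message, as an added example that is not part of the original e-mail or of QEMU. NAME_SIZE, old_memset_len, copy_name_padded and tail_is_zero are hypothetical names, and copy_name_padded is a stand-in that also zero-fills the tail, not QEMU's pstrcpy.

```c
#include <stdio.h>
#include <string.h>

#define NAME_SIZE 8 /* constructed; stands in for sizeof(params.name) */

/* Length the snprintf+memset pattern would pass to memset(). snprintf
 * returns the length the untruncated output would have had, so for a
 * source longer than the buffer the subtraction wraps around as size_t. */
static size_t old_memset_len(const char *src)
{
    char name[NAME_SIZE];
    int len = snprintf(name, sizeof(name), "%s", src);
    return sizeof(name) - len; /* computed only, never handed to memset */
}

/* Hypothetical helper, not QEMU's pstrcpy: copy at most size-1 bytes and
 * zero-fill the remainder, so a fixed-width field carries no stale bytes. */
static size_t copy_name_padded(char *dst, size_t size, const char *src)
{
    size_t n = 0;
    if (size == 0)
        return 0;
    if (!src)
        src = "";
    while (n < size - 1 && src[n] != '\0') {
        dst[n] = src[n];
        n++;
    }
    memset(dst + n, 0, size - n);
    return n;
}

/* Returns 1 if every byte in buf[from..size) is zero. */
static int tail_is_zero(const char *buf, size_t from, size_t size)
{
    for (; from < size; from++)
        if (buf[from] != 0)
            return 0;
    return 1;
}

int main(void)
{
    char buf[NAME_SIZE];
    memset(buf, 0xAA, sizeof(buf)); /* simulate stale stack contents */
    size_t n = copy_name_padded(buf, sizeof(buf), "twelve chars");
    printf("old memset length: %zu\n", old_memset_len("twelve chars"));
    printf("copied %zu, tail zeroed: %d\n", n, tail_is_zero(buf, n, sizeof(buf)));
    return 0;
}
```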