From 6b06431e9bcbef2eb1126dda01a68d4a81f0825e Mon Sep 17 00:00:00 2001
From: Andreas Schneider
Date: Sun, 11 Aug 2013 15:24:47 +0200
Subject: core: Fix a possible buffer overflow using getself_name(). If the passed buffer is smaller than MAX_NAME_LENGTH then, you will probably overflow it.
---
 core/Messenger.c | 12 ++++++++++--
 core/Messenger.h | 16 ++++++++++++----
 2 files changed, 22 insertions(+), 6 deletions(-)
(limited to 'core')
diff --git a/core/Messenger.c b/core/Messenger.c
index ebde5a78..1c81163c 100644
--- a/core/Messenger.c
+++ b/core/Messenger.c
@@ -267,10 +267,18 @@ int setname(Messenger *m, uint8_t * name, uint16_t length)
 put it in name name needs to be a valid memory location with a size of at least MAX_NAME_LENGTH bytes. return the length of the name */
-uint16_t getself_name(Messenger *m, uint8_t *name)
+uint16_t getself_name(Messenger *m, uint8_t *name, uint16_t nlen)
 {
+ uint16_t len;
+
+ if (name == NULL || nlen == 0) {
+ return 0;
+ }
+
+ len = MIN(nlen, m->name_length);
 memcpy(name, m->name, m->name_length);
- return m->name_length;
+
+ return len;
 }
 /* get name of friendnumber
diff --git a/core/Messenger.h b/core/Messenger.h
index fa69d104..aa9611a4 100644
--- a/core/Messenger.h
+++ b/core/Messenger.h
@@ -196,10 +196,18 @@ int m_sendaction(Messenger *m, int friendnumber, uint8_t *action, uint32_t lengt
 return -1 if failure */
 int setname(Messenger *m, uint8_t *name, uint16_t length);
-/* get our nickname
- put it in name
- return the length of the name*/
-uint16_t getself_name(Messenger *m, uint8_t *name);
+/**
+ * @brief Get your nickname.
+ *
+ * @param[in] m The messanger context to use.
+ *
+ * @param[inout] name Pointer to a string for the name.
+ *
+ * @param[in] nlen The length of the string buffer.
+ *
+ * @return Return the length of the name, 0 on error.
+ */
+uint16_t getself_name(Messenger *m, uint8_t *name, uint16_t nlen);
 /* get name of friendnumber put it in name
--
cgit v1.2.3
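Review bot: The copy in getself_name() is still unbounded. `len` is computed as `MIN(nlen, m->name_length)`, but the unchanged context line `memcpy(name, m->name, m->name_length);` never uses it, so a caller buffer shorter than the stored name is overrun exactly as before, and the function then returns a length smaller than what it actually wrote. The copy should use the clamped value: `memcpy(name, m->name, len);`. The comment above the function still tells callers to supply at least MAX_NAME_LENGTH bytes; it should describe `nlen` and the truncation instead. `m` is dereferenced without the NULL check that `name` gets, and `MIN` is not defined in this hunk, so presumably it comes from a header; both are worth confirming.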
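Review bot: The new doc comment on the getself_name() prototype leaves the truncation contract unstated: it does not say what is returned when `nlen` is smaller than the stored name, and "0 on error" is indistinguishable from an empty nickname. I would spell it out, e.g. `@return Number of bytes written to name (at most nlen); 0 if name is NULL or nlen is 0.`, and add a line that this function copies raw bytes and appends no terminator, which is what the Messenger.c hunk shows. `messanger` should read `messenger`. Callers outside core/ are not visible on this page (the diff is limited to 'core'), so each call site needs checking that it passes the real size of its buffer rather than a constant.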