dany/eg25-manager
1
0
Fork 0
mirror of https://gitlab.com/mobian1/eg25-manager.git synced 2025-08-29 23:32:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

at.c: use snprintf(3)

Browse Source 
snprintf(3) is preferred over insecure sprintf(3) in order to avoid
buffer overrun vulnerabilities.
This commit is contained in:
Xavier Del Campo
2021-09-11 00:50:04 +02:00
parent 2bf63376d7
commit 9e0d97d2e2
1 changed files with 11 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/at.c
View File

@@ -58,15 +58,21 @@ gboolean at_send_command(struct EG25Manager *manager)
/* Send AT command */ /* Send AT command */
if (at_cmd->subcmd == NULL && at_cmd->value == NULL && at_cmd->expected == NULL) if (at_cmd->subcmd == NULL && at_cmd->value == NULL && at_cmd->expected == NULL)
len = sprintf(command, "AT+%s\r\n", at_cmd->cmd); len = snprintf(command, sizeof(command), "AT+%s\r\n", at_cmd->cmd);
else if (at_cmd->subcmd == NULL && at_cmd->value == NULL) else if (at_cmd->subcmd == NULL && at_cmd->value == NULL)
len = sprintf(command, "AT+%s?\r\n", at_cmd->cmd); len = snprintf(command, sizeof(command), "AT+%s?\r\n", at_cmd->cmd);
else if (at_cmd->subcmd == NULL && at_cmd->value) else if (at_cmd->subcmd == NULL && at_cmd->value)
len = sprintf(command, "AT+%s=%s\r\n", at_cmd->cmd, at_cmd->value); len = snprintf(command, sizeof(command),"AT+%s=%s\r\n", at_cmd->cmd, at_cmd->value);
else if (at_cmd->subcmd && at_cmd->value == NULL) else if (at_cmd->subcmd && at_cmd->value == NULL)
len = sprintf(command, "AT+%s=\"%s\"\r\n", at_cmd->cmd, at_cmd->subcmd); len = snprintf(command, sizeof(command), "AT+%s=\"%s\"\r\n", at_cmd->cmd, at_cmd->subcmd);
else if (at_cmd->subcmd && at_cmd->value) else if (at_cmd->subcmd && at_cmd->value)
len = sprintf(command, "AT+%s=\"%s\",%s\r\n", at_cmd->cmd, at_cmd->subcmd, at_cmd->value); len = snprintf(command, sizeof(command), "AT+%s=\"%s\",%s\r\n", at_cmd->cmd, at_cmd->subcmd, at_cmd->value);
if (len < 0 || len >= sizeof(command)) {
g_warning("AT command does not fit into buffer\n");
return FALSE;
}
manager->at_callback = at_cmd->callback; manager->at_callback = at_cmd->callback;
ret = write(manager->at_fd, command, len); ret = write(manager->at_fd, command, len);