wfa-qt-control-app: Changed strcpy to strncpy.

Use strncpy to prevent buffer overflow vulnerabilities. Signed-off-by: Triveni Danda <[email protected]>
nrfconnect · Feb 26, 2024 · f2479e7 · f2479e7
1 parent 51190fb
commit f2479e7
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 10 deletions.
diff --git a/zephyr/src/indigo_api_callback_dut.c b/zephyr/src/indigo_api_callback_dut.c
@@ -141,8 +141,8 @@ static int run_qt_command(const char *cmd)
 
 #define CHECK_RET(ret_value) \
     do { \
-        if (ret_value == -1) { \
-            indigo_logger(LOG_LEVEL_ERROR, "run_qt_command failed"); \
+        if (ret_value < 0) { \
+            indigo_logger(LOG_LEVEL_ERROR, "Error occured"); \
             goto done; \
         } \
     } while(0)
@@ -1517,7 +1517,9 @@ static int set_ap_parameter_handler(struct packet_wrapper *req, struct packet_wr
         tlv = find_wrapper_tlv_by_id(req, TLV_GAS_COMEBACK_DELAY);
     }
     if (tlv && find_tlv_config_name(tlv->id) != NULL) {
-        strcpy(param_name, find_tlv_config_name(tlv->id));
+        if (strncpy(param_name, find_tlv_config_name(tlv->id), sizeof(param_name)) == NULL) {
+	    goto done;
+	}
         memcpy(param_value, tlv->value, sizeof(param_value));
     } else {
         status = TLV_VALUE_STATUS_NOT_OK;
@@ -1831,7 +1833,9 @@ static int set_sta_parameter_handler(struct packet_wrapper *req, struct packet_w
         memset(param_name, 0, sizeof(param_name));
         memset(param_value, 0, sizeof(param_value));
         tlv = req->tlv[i];
-        strcpy(param_name, find_tlv_config_name(tlv->id));
+        if (strncpy(param_name, find_tlv_config_name(tlv->id), sizeof(param_name)) == NULL) {
+	    goto done;
+	}
         memcpy(param_value, tlv->value, sizeof(param_value));
 
         /* Assemble wpa_supplicant command */

diff --git a/zephyr/src/utils.c b/zephyr/src/utils.c
@@ -903,12 +903,17 @@ char* get_hapd_exec_file() {
 
 /* parse hostapd full path and set hostapd's file name */
 int set_hapd_exec_file(char* path) {
+    char *ret = NULL;
     char *ptr = indigo_strrstr(path, "/");
 
     if (ptr) {
-        strcpy(hapd_exec_file, ptr+1);
+        ret = strncpy(hapd_exec_file, ptr+1, sizeof(hapd_exec_file));
     } else {
-        strcpy(hapd_exec_file, path);
+        ret = strncpy(hapd_exec_file, path, sizeof(hapd_exec_file));
+    }
+
+    if (!ret) {
+	    return -1;
     }
     return 0;
 }
@@ -1008,11 +1013,16 @@ char* get_wpas_exec_file() {
 }
 
 int set_wpas_exec_file(char* path) {
+    char *ret = NULL;
     char *ptr = indigo_strrstr(path, "/");
     if (ptr) {
-        strcpy(wpas_exec_file, ptr+1);
+        ret = strncpy(wpas_exec_file, ptr+1, sizeof(wpas_exec_file));
     } else {
-        strcpy(wpas_exec_file, path);
+        ret = strncpy(wpas_exec_file, path, sizeof(wpas_exec_file));
+    }
+
+    if (!ret) {
+	    return -1;
     }
     return 0;
 }
@@ -1100,7 +1110,9 @@ int add_wireless_interface_info(int band, int bssid, char *name) {
     interfaces[interface_count].band = band;
     interfaces[interface_count].bssid = -1;
     interfaces[interface_count].identifier = UNUSED_IDENTIFIER;
-    strcpy(interfaces[interface_count++].ifname, name);
+    if (strncpy(interfaces[interface_count++].ifname, name, sizeof(interfaces[interface_count].ifname)) == NULL) {
+	    return -1;
+    }
     return 0;
 }
 
@@ -1401,7 +1413,9 @@ int get_key_value(char *value, char *buffer, char *token) {
     ptr += strlen(_token);
     endptr = strstr(ptr, "\n");
     if (endptr) {
-        strncpy(value, ptr, endptr - ptr);
+        if (strncpy(value, ptr, endptr - ptr) == NULL) {
+		return -1;
+	}
     } else {
         strcpy(value, ptr);
     }