From 755091581336dd6b6a710e599da9e1e52037851a Mon Sep 17 00:00:00 2001
From: Roman Smirnov
Date: Tue, 9 Jul 2024 17:35:02 +0300
Subject: [PATCH] settings: limit string size in load_service()

It is necessary to prevent buffer overflow by limiting the maximum string length. Found with the SVACE static analysis tool.
---
 src/settings.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/settings.c b/src/settings.c
index b61e694f1..643a083db 100644
--- a/src/settings.c
+++ b/src/settings.c
@@ -193,7 +193,7 @@ static int load_service(struct gatt_db *db, char *handle, char *value)
 return -EIO;
 }

- if (sscanf(value, "%[^:]:%04hx:%36s", type, &end, uuid_str) != 3) {
+ if (sscanf(value, "%36[^:]:%04hx:%36s", type, &end, uuid_str) != 3) {
 DBG("Failed to parse value: %s", value);
 return -EIO;
 }
-- 
2.47.3
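Review bot: The new `%36[^:]` width in the `sscanf` call is a bare literal whose safety depends on the declaration of `type`, which is outside this hunk. A scanf field width does not count the terminating NUL, so `type` has to hold at least 37 bytes, the same requirement `%36s` already places on `uuid_str`. I would pin that next to the declarations, if the build's C standard allows it, with `_Static_assert(sizeof(type) > 36 && sizeof(uuid_str) > 36, "sscanf widths in load_service()");`, or at least put `/* field widths must stay below sizeof(type) and sizeof(uuid_str) */` above the call, so a later change to either buffer size cannot silently reopen the overflow. With the bound in place an over-long type field leaves the `:` unmatched, the conversion count falls short of 3 and the function returns -EIO, which is the fail-closed result wanted here. load_service() starts and ends outside the hunk.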