From b978f979678d237f406f3209cf2d5f2da8e5b74e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonas=20Dre=C3=9Fler?=
Date: Fri, 3 Nov 2023 19:21:50 +0100
Subject: [PATCH] lib/sdp: Pass size_t to sdp_get_string_attr()

We're currently type-casting the output of strlen(sdpdata->val.str) into an int, which is somewhat problematic given that strlen() can return values larger than sizeof(int). We can do better here and use size_t instead, so let's do that. While at it, also add a comment explaining why the check here is "smaller than" instead of "smaller than or equal".
Co-developed-by: Zander Brown
---
 lib/sdp.c | 21 +++++++++++++--------
 lib/sdp_lib.h | 21 ++++++++++++++-------
 2 files changed, 27 insertions(+), 15 deletions(-)

diff --git a/lib/sdp.c b/lib/sdp.c
index 4b10d8f67..dfc06b6df 100644
--- a/lib/sdp.c
+++ b/lib/sdp.c
@@ -2180,16 +2180,21 @@ int sdp_get_int_attr(const sdp_record_t *rec, uint16_t attrid, int *value)
 }
 
 int sdp_get_string_attr(const sdp_record_t *rec, uint16_t attrid, char *value,
- int valuelen)
+ size_t valuelen)
 {
 sdp_data_t *sdpdata = sdp_data_get(rec, attrid);
- if (sdpdata)
- /* Verify that it is what the caller expects */
- if (SDP_IS_TEXT_STR(sdpdata->dtd))
- if ((int) strlen(sdpdata->val.str) < valuelen) {
- strcpy(value, sdpdata->val.str);
- return 0;
- }
+
+ /* Verify that it is what the caller expects */
+ if (!sdpdata || !SDP_IS_TEXT_STR(sdpdata->dtd))
+ goto fail;
+
+ /* Have to copy the NULL terminator too, so check len < valuelen. */
+ if (strlen(sdpdata->val.str) < valuelen) {
+ strcpy(value, sdpdata->val.str);
+ return 0;
+ }
+
+fail:
 errno = EINVAL;
 return -1;
 }
diff --git a/lib/sdp_lib.h b/lib/sdp_lib.h
index 22776b678..aad664fd6 100644
--- a/lib/sdp_lib.h
+++ b/lib/sdp_lib.h
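Review bot: In sdp_get_string_attr() (lib/sdp.c), making `valuelen` a `size_t` removes a fail-safe the old comparison had. A caller that still computes the length as a signed int and ends up negative used to fall through to `errno = EINVAL`; now the value converts to a very large size, `strlen(sdpdata->val.str) < valuelen` holds, and `strcpy()` writes past the end of `value`. The call sites are outside this hunk, so they need an audit, including the six inline wrappers in lib/sdp_lib.h that forward `len` unchanged. Alternatively, add a guard such as `if (!value || valuelen > INT_MAX) goto fail;` (needs `<limits.h>`) next to the existing `!sdpdata` check. The new comment should also name the character rather than the pointer constant: `/* The terminating NUL is copied too, so require len < valuelen. */`.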
@@ -141,7 +141,8 @@ int sdp_general_inquiry(inquiry_info *ii, int dev_num, int duration, uint8_t *fo
 
 /* flexible extraction of basic attributes - Jean II */
 int sdp_get_int_attr(const sdp_record_t *rec, uint16_t attr, int *value);
-int sdp_get_string_attr(const sdp_record_t *rec, uint16_t attr, char *value, int valuelen);
+int sdp_get_string_attr(const sdp_record_t *rec, uint16_t attr, char *value,
+ size_t valuelen);
 
 /*
  * Basic sdp data functions
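Review bot: The new prototype of sdp_get_string_attr() in lib/sdp_lib.h changes an exported signature, and nothing in the commit addresses callers built against the old `int valuelen` declaration. If this header is installed and the library ships as a shared object (not visible here), already-compiled callers pass a 32-bit int where the function now reads a size_t, and out-of-tree sources passing signed lengths will convert silently; that merits a line in the commit message or release notes. The declaration also has no contract comment; I would add `/* valuelen is the size of value in bytes, including the terminating NUL; returns -1 with errno = EINVAL if the attribute is missing, is not a text string, or does not fit */` above it. Both points apply equally to the six `static inline` wrappers in the following hunk.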
@@ -543,32 +544,38 @@ int sdp_get_service_avail(const sdp_record_t *rec, uint8_t *svcAvail);
 int sdp_get_service_ttl(const sdp_record_t *rec, uint32_t *svcTTLInfo);
 int sdp_get_database_state(const sdp_record_t *rec, uint32_t *svcDBState);
 
-static inline int sdp_get_service_name(const sdp_record_t *rec, char *str, int len)
+static inline int sdp_get_service_name(const sdp_record_t *rec, char *str,
+ size_t len)
 {
 return sdp_get_string_attr(rec, SDP_ATTR_SVCNAME_PRIMARY, str, len);
 }
 
-static inline int sdp_get_service_desc(const sdp_record_t *rec, char *str, int len)
+static inline int sdp_get_service_desc(const sdp_record_t *rec, char *str,
+ size_t len)
 {
 return sdp_get_string_attr(rec, SDP_ATTR_SVCDESC_PRIMARY, str, len);
 }
 
-static inline int sdp_get_provider_name(const sdp_record_t *rec, char *str, int len)
+static inline int sdp_get_provider_name(const sdp_record_t *rec, char *str,
+ size_t len)
 {
 return sdp_get_string_attr(rec, SDP_ATTR_PROVNAME_PRIMARY, str, len);
 }
 
-static inline int sdp_get_doc_url(const sdp_record_t *rec, char *str, int len)
+static inline int sdp_get_doc_url(const sdp_record_t *rec, char *str,
+ size_t len)
 {
 return sdp_get_string_attr(rec, SDP_ATTR_DOC_URL, str, len);
 }
 
-static inline int sdp_get_clnt_exec_url(const sdp_record_t *rec, char *str, int len)
+static inline int sdp_get_clnt_exec_url(const sdp_record_t *rec, char *str,
+ size_t len)
 {
 return sdp_get_string_attr(rec, SDP_ATTR_CLNT_EXEC_URL, str, len);
 }
 
-static inline int sdp_get_icon_url(const sdp_record_t *rec, char *str, int len)
+static inline int sdp_get_icon_url(const sdp_record_t *rec, char *str,
+ size_t len)
 {
 return sdp_get_string_attr(rec, SDP_ATTR_ICON_URL, str, len);
 }
-- 
2.47.3