Error: STRING_NULL (CWE-170): [#def59] [important]
bluez-5.75/tools/mgmt-tester.c:12670:2: string_null_source: Function "vhci_read_devcd" does not terminate string "buf".
bluez-5.75/tools/mgmt-tester.c:12677:2: string_null: Passing unterminated string "buf" to "strtok_r", which expects a null-terminated string.
12675|
12676| /* Verify if all devcoredump header fields are present */
12677|-> line = strtok_r(buf, delim, &saveptr);
12678| while (strlen(test->expect_dump_data[i])) {
12679| if (!line || strcmp(line, test->expect_dump_data[i])) {
---
 tools/mgmt-tester.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/tools/mgmt-tester.c b/tools/mgmt-tester.c
index 8a4fbc2eb6a6..8076ec105ebb 100644
--- a/tools/mgmt-tester.c
+++ b/tools/mgmt-tester.c
@@ -12656,18 +12656,22 @@ static void verify_devcd(void *user_data)
 struct test_data *data = tester_get_data();
 const struct generic_data *test = data->test_data;
 struct vhci *vhci = hciemu_get_vhci(data->hciemu);
- char buf[MAX_COREDUMP_BUF_LEN] = {0};
+ char buf[MAX_COREDUMP_BUF_LEN + 1] = {0};
+ int read;
 char delim[] = "\n";
 char *line;
 char *saveptr;
 int i = 0;
 /* Read the generated devcoredump file */
- if (vhci_read_devcd(vhci, buf, sizeof(buf)) <= 0) {
+ read = vhci_read_devcd(vhci, buf, MAX_COREDUMP_BUF_LEN);
+ if (read <= 0) {
 tester_warn("Unable to read devcoredump");
 tester_test_failed();
 return;
 }
+ /* Make sure buf is nul-terminated */
+ buf[read + 1] = '\0';
 /* Verify if all devcoredump header fields are present */
 line = strtok_r(buf, delim, &saveptr);
--
2.44.0
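Review bot: The terminator added after the read is written one index too far: `buf[read + 1] = '\0';` should be `buf[read] = '\0';`. Assuming `vhci_read_devcd` returns the number of bytes stored, a full read returns `MAX_COREDUMP_BUF_LEN`, so the write lands at `buf[MAX_COREDUMP_BUF_LEN + 1]`, one byte past the end of the `MAX_COREDUMP_BUF_LEN + 1`-byte stack array. On shorter reads `buf[read]` is only NUL because of the `= {0}` initialiser, so the assignment as written never terminates the data itself. The local `int read` also shadows the POSIX `read()` function; a name such as `len` would avoid that. The body of `verify_devcd` continues past the end of the hunk.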