It is necessary to prevent buffer overflow by limiting the maximum string length. Found with the SVACE static analysis tool.
---
V1 -> V2: use "%36s[^:]" instead of calculating the string length
src/settings.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/settings.c b/src/settings.c
index b61e694f1..643a083db 100644
--- a/src/settings.c
+++ b/src/settings.c
@@ -193,7 +193,7 @@ static int load_service(struct gatt_db *db, char *handle, char *value)
 return -EIO;
 }
- if (sscanf(value, "%[^:]:%04hx:%36s", type, &end, uuid_str) != 3) {
+ if (sscanf(value, "%36[^:]:%04hx:%36s", type, &end, uuid_str) != 3) {
 DBG("Failed to parse value: %s", value);
 return -EIO;
 }
-- 
2.34.1
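Review bot: The literal width in `%36[^:]` is only a valid bound if `type` is at least 37 bytes, because sscanf stores up to 36 characters plus the terminating NUL. The declarations of `type` and `uuid_str` are outside this hunk, so that should be confirmed against them. Nothing ties the two widths in the format string to the buffer sizes, so a later change to either declaration would silently reintroduce the overflow. I would add a comment above the call such as `/* field widths must equal sizeof(type) - 1 and sizeof(uuid_str) - 1 */`, or a `_Static_assert(sizeof(type) > 36 && sizeof(uuid_str) > 36, "sscanf width");` if the project's C dialect allows it. The body of load_service begins and ends outside the hunk.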