[AWARE] Protect string copy against buffer overflow am: 5039b6099e
Change-Id: If36fa8b7de6f0b9092e9c7c7f50f6fd8111f6cb3
diff --git a/wifi/1.3/default/hidl_struct_util.cpp b/wifi/1.3/default/hidl_struct_util.cpp
index 2e4db70..d305c09 100644
--- a/wifi/1.3/default/hidl_struct_util.cpp
+++ b/wifi/1.3/default/hidl_struct_util.cpp
@@ -1819,7 +1819,13 @@
convertHidlNanDataPathChannelCfgToLegacy(
hidl_request.channelRequestType);
legacy_request->channel = hidl_request.channel;
- strcpy(legacy_request->ndp_iface, hidl_request.ifaceName.c_str());
+ if (strnlen(hidl_request.ifaceName.c_str(), IFNAMSIZ + 1) == IFNAMSIZ + 1) {
+ LOG(ERROR) << "convertHidlNanDataPathInitiatorRequestToLegacy: "
+ "ifaceName too long";
+ return false;
+ }
+ strncpy(legacy_request->ndp_iface, hidl_request.ifaceName.c_str(),
+ IFNAMSIZ + 1);
legacy_request->ndp_cfg.security_cfg =
(hidl_request.securityConfig.securityType !=
NanDataPathSecurityType::OPEN)
@@ -1900,7 +1906,13 @@
? legacy_hal::NAN_DP_REQUEST_ACCEPT
: legacy_hal::NAN_DP_REQUEST_REJECT;
legacy_request->ndp_instance_id = hidl_request.ndpInstanceId;
- strcpy(legacy_request->ndp_iface, hidl_request.ifaceName.c_str());
+ if (strnlen(hidl_request.ifaceName.c_str(), IFNAMSIZ + 1) == IFNAMSIZ + 1) {
+ LOG(ERROR) << "convertHidlNanDataPathIndicationResponseToLegacy: "
+ "ifaceName too long";
+ return false;
+ }
+ strncpy(legacy_request->ndp_iface, hidl_request.ifaceName.c_str(),
+ IFNAMSIZ + 1);
legacy_request->ndp_cfg.security_cfg =
(hidl_request.securityConfig.securityType !=
NanDataPathSecurityType::OPEN)