jeans/Tasmota
jeans/Tasmota
1
0
Fork 0
mirror of https://github.com/arendst/Tasmota.git synced 2025-07-28 05:06:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix possible strncat buffer overflows

Browse Source 
Fix possible strncat buffer overflows
This commit is contained in:
Theo Arends 2018-11-22 15:41:30 +01:00
parent d71ae77900
commit 6c87ab205a
12 changed files with 21 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
sonoff/_changelog.ino
View File

@ -3,6 +3,7 @@
* Add additional start-up delay during initial wifi connection * Add additional start-up delay during initial wifi connection
* Add support for I2C MGC3130 Electric Field Effect sensor by Christian Baars (#3774, #4404) * Add support for I2C MGC3130 Electric Field Effect sensor by Christian Baars (#3774, #4404)
* Add initial support for Hass sensor discovery (#4380) * Add initial support for Hass sensor discovery (#4380)
* Fix possible strncat buffer overflows
* *
* 6.3.0.11 20181120 * 6.3.0.11 20181120
* Add delays removed in 6.3.0.9 (#4233) * Add delays removed in 6.3.0.9 (#4233)

6
sonoff/support.ino
View File

@ -452,7 +452,7 @@ char* GetPowerDevice(char* dest, uint8_t idx, size_t size, uint8_t option)
strncpy_P(dest, S_RSLT_POWER, size); // POWER strncpy_P(dest, S_RSLT_POWER, size); // POWER
if ((devices_present + option) > 1) { if ((devices_present + option) > 1) {
snprintf_P(sidx, sizeof(sidx), PSTR("%d"), idx); // x snprintf_P(sidx, sizeof(sidx), PSTR("%d"), idx); // x
strncat(dest, sidx, size); // POWERx strncat(dest, sidx, size - strlen(dest) -1); // POWERx
} }
return dest; return dest;
} }
@ -1030,7 +1030,7 @@ void I2cScan(char *devs, unsigned int devs_len)
} }
} }
if (any) { if (any) {
strncat(devs, "\"}", devs_len); strncat(devs, "\"}", devs_len - strlen(devs) -1);
} }
else { else {
snprintf_P(devs, devs_len, PSTR("{\"" D_CMND_I2CSCAN "\":\"" D_JSON_I2CSCAN_NO_DEVICES_FOUND "\"}")); snprintf_P(devs, devs_len, PSTR("{\"" D_CMND_I2CSCAN "\":\"" D_JSON_I2CSCAN_NO_DEVICES_FOUND "\"}"));
@ -1157,7 +1157,7 @@ void AddLog_P(byte loglevel, const char *formatP, const char *formatP2)
snprintf_P(log_data, sizeof(log_data), formatP); snprintf_P(log_data, sizeof(log_data), formatP);
snprintf_P(message, sizeof(message), formatP2); snprintf_P(message, sizeof(message), formatP2);
strncat(log_data, message, sizeof(log_data)); strncat(log_data, message, sizeof(log_data) - strlen(log_data) -1);
AddLog(loglevel); AddLog(loglevel);
} }

4
sonoff/support_features.ino
View File

@ -358,8 +358,10 @@ void GetFeatures(void)
#ifdef USE_TX20_WIND_SENSOR #ifdef USE_TX20_WIND_SENSOR
feature_sns2 |= 0x00002000; // xsns_35_tx20.ino feature_sns2 |= 0x00002000; // xsns_35_tx20.ino
#endif #endif
#ifdef USE_MGC3130
feature_sns2 |= 0x00004000; // xsns_36_mgc3130.ino
#endif
// feature_sns2 |= 0x00004000;
// feature_sns2 |= 0x00008000; // feature_sns2 |= 0x00008000;
// feature_sns2 |= 0x00010000; // feature_sns2 |= 0x00010000;
// feature_sns2 |= 0x00020000; // feature_sns2 |= 0x00020000;

3
sonoff/support_rtc.ino
View File

@ -124,12 +124,13 @@ String GetDateAndTime(byte time_type)
tmpTime = RtcTime; tmpTime = RtcTime;
} }
snprintf_P(dt, sizeof(dt), PSTR("%04d-%02d-%02dT%02d:%02d:%02d"), snprintf_P(dt, sizeof(dt), PSTR("%04d-%02d-%02dT%02d:%02d:%02d"),
tmpTime.year, tmpTime.month, tmpTime.day_of_month, tmpTime.hour, tmpTime.minute, tmpTime.second); tmpTime.year, tmpTime.month, tmpTime.day_of_month, tmpTime.hour, tmpTime.minute, tmpTime.second);
if (Settings.flag3.time_append_timezone && (DT_LOCAL == time_type)) { if (Settings.flag3.time_append_timezone && (DT_LOCAL == time_type)) {
// if (Settings.flag3.time_append_timezone && ((DT_LOCAL == time_type) || (DT_ENERGY == time_type))) { // if (Settings.flag3.time_append_timezone && ((DT_LOCAL == time_type) || (DT_ENERGY == time_type))) {
strncat(dt, GetTimeZone().c_str(), sizeof(dt)); strncat(dt, GetTimeZone().c_str(), sizeof(dt) - strlen(dt) -1);
} }
return String(dt); // 2017-03-07T11:08:02-07:00 return String(dt); // 2017-03-07T11:08:02-07:00

2
sonoff/xdrv_02_mqtt.ino
View File

@ -925,7 +925,7 @@ boolean Xdrv02(byte function)
switch (function) { switch (function) {
#ifdef USE_WEBSERVER #ifdef USE_WEBSERVER
case FUNC_WEB_ADD_BUTTON: case FUNC_WEB_ADD_BUTTON:
strncat_P(mqtt_data, HTTP_BTN_MENU_MQTT, sizeof(mqtt_data)); strncat_P(mqtt_data, HTTP_BTN_MENU_MQTT, sizeof(mqtt_data) - strlen(mqtt_data) -1);
break; break;
case FUNC_WEB_ADD_HANDLER: case FUNC_WEB_ADD_HANDLER:
WebServer->on("/" WEB_HANDLE_MQTT, HandleMqttConfiguration); WebServer->on("/" WEB_HANDLE_MQTT, HandleMqttConfiguration);

2
sonoff/xdrv_07_domoticz.ino
View File

@ -485,7 +485,7 @@ boolean Xdrv07(byte function)
switch (function) { switch (function) {
#ifdef USE_WEBSERVER #ifdef USE_WEBSERVER
case FUNC_WEB_ADD_BUTTON: case FUNC_WEB_ADD_BUTTON:
strncat_P(mqtt_data, HTTP_BTN_MENU_DOMOTICZ, sizeof(mqtt_data)); strncat_P(mqtt_data, HTTP_BTN_MENU_DOMOTICZ, sizeof(mqtt_data) - strlen(mqtt_data) -1);
break; break;
case FUNC_WEB_ADD_HANDLER: case FUNC_WEB_ADD_HANDLER:
WebServer->on("/" WEB_HANDLE_DOMOTICZ, HandleDomoticzConfiguration); WebServer->on("/" WEB_HANDLE_DOMOTICZ, HandleDomoticzConfiguration);

4
sonoff/xdrv_09_timers.ino
View File

@ -757,9 +757,9 @@ boolean Xdrv09(byte function)
#ifdef USE_TIMERS_WEB #ifdef USE_TIMERS_WEB
case FUNC_WEB_ADD_BUTTON: case FUNC_WEB_ADD_BUTTON:
#ifdef USE_RULES #ifdef USE_RULES
strncat_P(mqtt_data, HTTP_BTN_MENU_TIMER, sizeof(mqtt_data)); strncat_P(mqtt_data, HTTP_BTN_MENU_TIMER, sizeof(mqtt_data) - strlen(mqtt_data) -1);
#else #else
if (devices_present) { strncat_P(mqtt_data, HTTP_BTN_MENU_TIMER, sizeof(mqtt_data)); } if (devices_present) { strncat_P(mqtt_data, HTTP_BTN_MENU_TIMER, sizeof(mqtt_data) - strlen(mqtt_data) -1); }
#endif // USE_RULES #endif // USE_RULES
break; break;
case FUNC_WEB_ADD_HANDLER: case FUNC_WEB_ADD_HANDLER:

2
sonoff/xdrv_11_knx.ino
View File

@ -1290,7 +1290,7 @@ boolean Xdrv11(byte function)
#ifdef USE_WEBSERVER #ifdef USE_WEBSERVER
#ifdef USE_KNX_WEB_MENU #ifdef USE_KNX_WEB_MENU
case FUNC_WEB_ADD_BUTTON: case FUNC_WEB_ADD_BUTTON:
strncat_P(mqtt_data, HTTP_BTN_MENU_KNX, sizeof(mqtt_data)); strncat_P(mqtt_data, HTTP_BTN_MENU_KNX, sizeof(mqtt_data) - strlen(mqtt_data) -1);
break; break;
case FUNC_WEB_ADD_HANDLER: case FUNC_WEB_ADD_HANDLER:
WebServer->on("/kn", HandleKNXConfiguration); WebServer->on("/kn", HandleKNXConfiguration);

6
sonoff/xdrv_13_display.ino
View File

@ -819,11 +819,11 @@ void DisplayMqttSubscribe(void)
if (!strcmp_P(tp, PSTR(MQTT_TOKEN_PREFIX))) { if (!strcmp_P(tp, PSTR(MQTT_TOKEN_PREFIX))) {
break; break;
} }
strncat_P(ntopic, PSTR("+/"), sizeof(ntopic)); // Add single-level wildcards strncat_P(ntopic, PSTR("+/"), sizeof(ntopic) - strlen(ntopic) -1); // Add single-level wildcards
tp = strtok(NULL, "/"); tp = strtok(NULL, "/");
} }
strncat(ntopic, Settings.mqtt_prefix[2], sizeof(ntopic)); // Subscribe to tele messages strncat(ntopic, Settings.mqtt_prefix[2], sizeof(ntopic) - strlen(ntopic) -1); // Subscribe to tele messages
strncat_P(ntopic, PSTR("/#"), sizeof(ntopic)); // Add multi-level wildcard strncat_P(ntopic, PSTR("/#"), sizeof(ntopic) - strlen(ntopic) -1); // Add multi-level wildcard
MqttSubscribe(ntopic); MqttSubscribe(ntopic);
disp_subscribed = 1; disp_subscribed = 1;
} else { } else {

2
sonoff/xdsp_03_matrix.ino
View File

@ -251,7 +251,7 @@ void MatrixPrintLog(uint8_t direction)
space = 0; space = 0;
} }
if (space < 2) { if (space < 2) {
strncat(mtx_buffer, (const char*)txt +i, 1); strncat(mtx_buffer, (const char*)txt +i, (strlen(mtx_buffer) < sizeof(mtx_buffer) -1) ? 1 : 0);
} }
i++; i++;
} }

4
sonoff/xsns_34_hx711.ino
View File

@ -496,10 +496,10 @@ boolean Xsns34(byte function)
break; break;
#ifdef USE_HX711_GUI #ifdef USE_HX711_GUI
case FUNC_WEB_ADD_MAIN_BUTTON: case FUNC_WEB_ADD_MAIN_BUTTON:
strncat_P(mqtt_data, HTTP_BTN_MENU_MAIN_HX711, sizeof(mqtt_data)); strncat_P(mqtt_data, HTTP_BTN_MENU_MAIN_HX711, sizeof(mqtt_data) - strlen(mqtt_data) -1);
break; break;
case FUNC_WEB_ADD_BUTTON: case FUNC_WEB_ADD_BUTTON:
strncat_P(mqtt_data, HTTP_BTN_MENU_HX711, sizeof(mqtt_data)); strncat_P(mqtt_data, HTTP_BTN_MENU_HX711, sizeof(mqtt_data) - strlen(mqtt_data) -1);
break; break;
case FUNC_WEB_ADD_HANDLER: case FUNC_WEB_ADD_HANDLER:
WebServer->on("/" WEB_HANDLE_HX711, HandleHxAction); WebServer->on("/" WEB_HANDLE_HX711, HandleHxAction);

2
tools/decode-status.py
View File

@ -132,7 +132,7 @@ a_features = [[
"USE_MCP230xx","USE_MPR121","USE_CCS811","USE_MPU6050", "USE_MCP230xx","USE_MPR121","USE_CCS811","USE_MPU6050",
"USE_MCP230xx_OUTPUT","USE_MCP230xx_DISPLAYOUTPUT","USE_HLW8012","USE_CSE7766", "USE_MCP230xx_OUTPUT","USE_MCP230xx_DISPLAYOUTPUT","USE_HLW8012","USE_CSE7766",
"USE_MCP39F501","USE_PZEM_AC","USE_DS3231","USE_HX711", "USE_MCP39F501","USE_PZEM_AC","USE_DS3231","USE_HX711",
"USE_PZEM_DC","USE_TX20_WIND_SENSOR","","", "USE_PZEM_DC","USE_TX20_WIND_SENSOR","USE_MGC3130","",
"","","","", "","","","",
"","","","", "","","","",
"","","","", "","","","",