From 2a874660a97f31a9cde4625055cf61ab27308856 Mon Sep 17 00:00:00 2001
From: Pavlin Radoslavov
Date: Sat, 18 Mar 2017 19:35:06 -0700
Subject: [PATCH] Store a name string in property without violating string boundaries
Don't copy data beyond end of string when storing it as BT_PROPERTY_BDNAME in property. Also, update an unit test to create a string by considering the property name length.
Test: Running unit tests with ASAN enabled
Change-Id: Iaa586b4a0942f99ba469d1ed963729e7ad721503
---
 btcore/src/property.cc | 8 ++++++--
 test/suite/adapter/adapter_unittest.cc | 3 ++-
 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/btcore/src/property.cc b/btcore/src/property.cc
index 1e314f043..8d805adb4 100644
--- a/btcore/src/property.cc
+++ b/btcore/src/property.cc
@@ -219,8 +219,12 @@ static bt_property_t* property_new_(void* val, size_t len,
 bt_property_t* property = static_cast(osi_calloc(sizeof(bt_property_t)));
- property->val = osi_malloc(len);
- memcpy(property->val, val, len);
+ property->val = osi_calloc(len);
+ if (type == BT_PROPERTY_BDNAME) {
+ strncpy((char*)property->val, (const char*)val, len);
+ } else {
+ memcpy(property->val, val, len);
+ }
 property->type = type;
 property->len = len;
diff --git a/test/suite/adapter/adapter_unittest.cc b/test/suite/adapter/adapter_unittest.cc
index 730ac5a30..02678c2ba 100644
--- a/test/suite/adapter/adapter_unittest.cc
+++ b/test/suite/adapter/adapter_unittest.cc
@@ -82,7 +82,8 @@ TEST_F(BluetoothTest, AdapterSetGetName) {
 property_free(new_name);
 new_name = property_new_name("BluetoothTestName2");
 }
- std::string old_name((const char*)property_as_name(name_property)->name);
+ std::string old_name((const char*)property_as_name(name_property)->name,
+ name_property->len);
 EXPECT_EQ(bt_interface()->set_adapter_property(new_name), BT_STATUS_SUCCESS);
 semaphore_wait(adapter_properties_callback_sem_);
--
2.11.0
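Review bot: The `strncpy` into `property->val` leaves the name without a terminating NUL whenever the source string is `len` bytes or longer, so any reader that treats a BT_PROPERTY_BDNAME value as a C string can still run past the buffer. The copy itself is now bounded and zero-padded, which fixes the over-read of `val`, but that contract is not written down; I would add above the branch `// BDNAME is a fixed-size, zero-padded field; it is NOT NUL-terminated when the name fills all len bytes, so readers must bound by property->len.` The C-style casts could also be `static_cast<char*>(property->val)` and `static_cast<const char*>(val)`, matching the `static_cast` used on the allocation just above. Every other property type still goes through `memcpy(property->val, val, len)`, so a caller passing a `len` larger than its source object would over-read in the same way; property_new_ starts and ends outside the hunk and its callers are not visible here.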
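Review bot: Building `old_name` with `name_property->len` copies every byte of the field, so if the property buffer is zero-padded (as `property_new_` now produces for BT_PROPERTY_BDNAME) the string carries trailing NUL characters and will not compare equal to a string built from the plain name. Bounding the length by the first NUL keeps the read inside the buffer and drops the padding: `const char* raw = (const char*)property_as_name(name_property)->name;` followed by `std::string old_name(raw, strnlen(raw, name_property->len));`. How `old_name` is used later, and where `name_property` comes from, are outside the hunk, so this may be harmless in the current test.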