Skip to content

Commit 801e1a9

Browse files
rghaddabrghaddab
committed
settings: zms: use the safe function strnlen instead of strlen
if the provided name in argument is not null this could lead to un undefined behavior. Use strnlen to make this safe Signed-off-by: Riadh Ghaddab <[email protected]>
1 parent 413d869 commit 801e1a9

File tree

2 files changed

+10
-6
lines changed

2 files changed

+10
-6
lines changed

subsys/settings/include/settings/settings_zms.h

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -54,6 +54,8 @@ extern "C" {
5454
* if a settings element is deleted it won't be found.
5555
*/
5656

57+
#define SETTINGS_FULL_NAME_LEN SETTINGS_MAX_NAME_LEN + SETTINGS_EXTRA_LEN + 1
58+
5759
#define ZMS_LL_HEAD_HASH_ID 0x80000000
5860
#define ZMS_DATA_ID_OFFSET 0x40000000
5961
#define ZMS_HASH_MASK GENMASK(29, CONFIG_SETTINGS_ZMS_MAX_COLLISIONS_BITS + 1)

subsys/settings/src/settings_zms.c

Lines changed: 8 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -209,7 +209,7 @@ static ssize_t settings_zms_load_one(struct settings_store *cs, const char *name
209209
size_t buf_len)
210210
{
211211
struct settings_zms *cf = CONTAINER_OF(cs, struct settings_zms, cf_store);
212-
char r_name[SETTINGS_MAX_NAME_LEN + SETTINGS_EXTRA_LEN + 1];
212+
char r_name[SETTINGS_FULL_NAME_LEN];
213213
ssize_t rc = 0;
214214
uint32_t name_hash;
215215

@@ -218,7 +218,7 @@ static ssize_t settings_zms_load_one(struct settings_store *cs, const char *name
218218
return -EINVAL;
219219
}
220220

221-
name_hash = sys_hash32(name, strlen(name)) & ZMS_HASH_MASK;
221+
name_hash = sys_hash32(name, strnlen(name, SETTINGS_FULL_NAME_LEN)) & ZMS_HASH_MASK;
222222
for (int i = 0; i <= cf->hash_collision_num; i++) {
223223
name_hash = ZMS_UPDATE_COLLISION_NUM(name_hash, i);
224224
/* Get the name entry from ZMS */
@@ -250,7 +250,7 @@ static int settings_zms_load(struct settings_store *cs, const struct settings_lo
250250
struct settings_zms *cf = CONTAINER_OF(cs, struct settings_zms, cf_store);
251251
struct settings_zms_read_fn_arg read_fn_arg;
252252
struct settings_hash_linked_list settings_element;
253-
char name[SETTINGS_MAX_NAME_LEN + SETTINGS_EXTRA_LEN + 1];
253+
char name[SETTINGS_FULL_NAME_LEN];
254254
ssize_t rc1;
255255
ssize_t rc2;
256256
uint32_t ll_hash_id;
@@ -259,7 +259,9 @@ static int settings_zms_load(struct settings_store *cs, const struct settings_lo
259259

260260
/* If arg->subtree is not null we must load settings in that subtree */
261261
if (arg->subtree != NULL) {
262-
name_hash = sys_hash32(arg->subtree, strlen(arg->subtree)) & ZMS_HASH_MASK;
262+
name_hash =
263+
sys_hash32(arg->subtree, strnlen(arg->subtree, SETTINGS_FULL_NAME_LEN)) &
264+
ZMS_HASH_MASK;
263265
for (int i = 0; i <= cf->hash_collision_num; i++) {
264266
name_hash = ZMS_UPDATE_COLLISION_NUM(name_hash, i);
265267
/* Get the name entry from ZMS */
@@ -423,7 +425,7 @@ static int settings_zms_save(struct settings_store *cs, const char *name, const
423425
/* Find out if we are doing a delete */
424426
delete = ((value == NULL) || (val_len == 0));
425427

426-
name_hash = sys_hash32(name, strlen(name)) & ZMS_HASH_MASK;
428+
name_hash = sys_hash32(name, strnlen(name, SETTINGS_FULL_NAME_LEN)) & ZMS_HASH_MASK;
427429
/* MSB is always 1 */
428430
name_hash |= BIT(31);
429431

@@ -576,7 +578,7 @@ static int settings_zms_save(struct settings_store *cs, const char *name, const
576578
no_ll_update:
577579
#endif /* CONFIG_SETTINGS_ZMS_NO_LL_DELETE */
578580
/* Now let's write the name */
579-
rc = zms_write(&cf->cf_zms, name_hash, name, strlen(name));
581+
rc = zms_write(&cf->cf_zms, name_hash, name, strnlen(name, SETTINGS_FULL_NAME_LEN));
580582
if (rc < 0) {
581583
return rc;
582584
}

0 commit comments

Comments
 (0)