
Commit 0f48b3e

Harden WIP: mod: applications/zpc/applications/zwave_api_demo/src/zwave_api_demo_callbacks.c (sec/main)
Potential fix for code scanning alerts (6,7,8): Potentially overflowing call to snprintf Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Philippe Coval <[email protected]>
1 parent 40a84a8 commit 0f48b3e


1 file changed

+140
-48
lines changed


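--- a/applications/zpc/applications/zwave_api_demo/src/zwave_api_demo_callbacks.c
+++ b/applications/zpc/applications/zwave_api_demo/src/zwave_api_demo_callbacks.c
@@ -10,7 +10,7 @@
 * sections of the MSLA applicable to Source Code.
 *
 *****************************************************************************/
-
+#include <assert.h>
 #include "zwave_api_demo.h"
 
 #define LOG_TAG "zwapi_api_demo_callbacks"
@@ -26,30 +26,70 @@ void zwapi_demo_application_handler(uint8_t rx_status,
 char message[MAXIMUM_MESSAGE_SIZE];
 uint16_t index = 0;
 
-index += snprintf(message + index,
-sizeof(message) - index,
-"Z-Wave Command received: ");
-index += snprintf(message + index,
-sizeof(message) - index,
-"rx_status: %d - ",
-rx_status);
-index += snprintf(message + index,
-sizeof(message) - index,
-"destination NodeID: %d - ",
-destination_node_id);
-index += snprintf(message + index,
-sizeof(message) - index,
-"source NodeID: %d - ",
-source_node_id);
-index += snprintf(message + index,
-sizeof(message) - index,
-"RSSI value: %d - Payload: ",
-rssi_value);
+int written = snprintf(message + index,
+sizeof(message) - index,
+"Z-Wave Command received: ");
+if (written < 0 || written >= sizeof(message) - index) {
+sl_log_error(LOG_TAG, "Buffer overflow prevented while writing message.");
+assert(false);
+return;
+}
+index += written;
+written = snprintf(message + index,
+sizeof(message) - index,
+"rx_status: %d - ",
+rx_status);
+if (written < 0 || written >= sizeof(message) - index) {
+sl_log_error(LOG_TAG, "Buffer overflow prevented while writing message.");
+assert(false);
+break;
+}
+index += written;
+written = snprintf(message + index,
+sizeof(message) - index,
+"destination NodeID: %d - ",
+destination_node_id);
+if (written < 0 || written >= sizeof(message) - index) {
+sl_log_error(LOG_TAG, "Buffer overflow prevented while writing message.");
+assert(false);
+
+break;
+}
+index += written;
+written = snprintf(message + index,
+sizeof(message) - index,
+"source NodeID: %d - ",
+source_node_id);
+if (written < 0 || written >= sizeof(message) - index) {
+sl_log_error(LOG_TAG, "Buffer overflow prevented while writing message.");
+assert(false);
+
+break;
+}
+index += written;
+written = snprintf(message + index,
+sizeof(message) - index,
+"RSSI value: %d - Payload: ",
+rssi_value);
+if (written < 0 || written >= sizeof(message) - index) {
+sl_log_error(LOG_TAG, "Buffer overflow prevented while writing message.");
+assert(false);
+
+break;
+}
+index += written;
 for (uint8_t i = 0; i < zwave_command_length; i++) {
-index += snprintf(message + index,
-sizeof(message) - index,
-"%02X ",
-zwave_command[i]);
+written = snprintf(message + index,
+sizeof(message) - index,
+"%02X ",
+zwave_command[i]);
+if (written < 0 || written >= sizeof(message) - index) {
+sl_log_error(LOG_TAG, "Buffer overflow prevented while writing message.");
+assert(false);
+
+break;
+}
+index += written;
 }
 sl_log_debug(LOG_TAG, "%s\n", message);
 }
@@ -64,28 +104,68 @@ void zwapi_demo_application_controller_update(uint8_t status,
 char message[MAXIMUM_MESSAGE_SIZE];
 uint16_t index = 0;
 
-index += snprintf(message + index, sizeof(message) - index, "NIF received: ");
-index += snprintf(message + index,
-sizeof(message) - index,
-"status: %d - ",
-status);
-index += snprintf(message + index,
-sizeof(message) - index,
-"NodeID: %d - ",
-node_id);
-
-index += snprintf(message + index,
-sizeof(message) - index,
-"NWI HomeID: %X - ",
-nwi_home_id);
+int written
+= snprintf(message + index, sizeof(message) - index, "NIF received: ");
+if (written < 0 || written >= sizeof(message) - index) {
+sl_log_error(LOG_TAG, "Buffer overflow prevented while writing message.");
+assert(false);
 
-index += snprintf(message + index, sizeof(message) - index, "NIF Contents:");
+return;
+}
+index += written;
+written = snprintf(message + index,
+sizeof(message) - index,
+"status: %d - ",
+status);
+if (written < 0 || written >= sizeof(message) - index) {
+sl_log_error(LOG_TAG, "Buffer overflow prevented while writing message.");
+assert(false);
+
+break;
+}
+index += written;
+written = snprintf(message + index,
+sizeof(message) - index,
+"NodeID: %d - ",
+node_id);
+if (written < 0 || written >= sizeof(message) - index) {
+sl_log_error(LOG_TAG, "Buffer overflow prevented while writing message.");
+assert(false);
+
+break;
+}
+index += written;
+written = snprintf(message + index,
+sizeof(message) - index,
+"NWI HomeID: %X - ",
+nwi_home_id);
+if (written < 0 || written >= sizeof(message) - index) {
+sl_log_error(LOG_TAG, "Buffer overflow prevented while writing message.");
+assert(false);
+
+break;
+}
+index += written;
+written = snprintf(message + index, sizeof(message) - index, "NIF Contents:");
+if (written < 0 || written >= sizeof(message) - index) {
+sl_log_error(LOG_TAG, "Buffer overflow prevented while writing message.");
+assert(false);
 
+break;
+}
+index += written;
 for (uint8_t i = 0; i < zwave_nif_length; i++) {
-index += snprintf(message + index,
-sizeof(message) - index,
-"%02X ",
-zwave_nif[i]);
+written = snprintf(message + index,
+sizeof(message) - index,
+"%02X ",
+zwave_nif[i]);
+if (written < 0 || written >= sizeof(message) - index) {
+sl_log_error(LOG_TAG, "Buffer overflow prevented while writing message.");
+assert(false);
+
+break;
+}
+index += written;
 }
 sl_log_debug(LOG_TAG, "%s\n", message);
 }
@@ -305,12 +385,24 @@ void zwapi_demo_zwave_api_started(const uint8_t *buffer, uint8_t buffer_length)
 char message[MAXIMUM_MESSAGE_SIZE];
 uint8_t index = 0;
 
-index += snprintf(message + index,
-sizeof(message) - index,
-"Z-Wave API started. Current NIF: ");
+int written = snprintf(message + index,
+sizeof(message) - index,
+"Z-Wave API started. Current NIF: ");
+if (written < 0 || written >= (int)(sizeof(message) - index)) {
+sl_log_error(LOG_TAG, "Buffer overflow prevented while writing message.");
+assert(false);
+return;
+}
+index += written;
 for (uint8_t i = 0; i < buffer_length; i++) {
-index
-+= snprintf(message + index, sizeof(message) - index, "%02X ", buffer[i]);
+written
+= snprintf(message + index, sizeof(message) - index, "%02X ", buffer[i]);
+if (written < 0 || written >= (int)(sizeof(message) - index)) {
+sl_log_error(LOG_TAG, "Buffer overflow prevented while writing message.");
+assert(false);
+return;
+}
+index += written;
 }
 sl_log_info(LOG_TAG, "%s\n", message);
 }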
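Review bot: The `break;` statements in the truncation checks that come before the `for` loops in `zwapi_demo_application_handler` (new lines 45, 56, 67, 78) and `zwapi_demo_application_controller_update` (new lines 124, 135, 146, 154) are not inside any loop or switch as far as these hunks show, so the file should fail to compile; each should be `return;` like the first check in its function, or a `goto` to the closing `sl_log_debug` so the truncated message is still logged. `assert(false);` also turns an over-long command or NIF, whose length is presumably set by the received frame, into a process abort in builds without `NDEBUG`, where truncating a debug string would be enough; I would drop the assert and keep only the log-and-stop path. In `zwapi_demo_zwave_api_started` the context line `uint8_t index = 0;` is unchanged, so if `MAXIMUM_MESSAGE_SIZE` is above 255 (its value is not visible here) `index += written` can wrap and later writes land back at the start of the buffer; `uint16_t index = 0;` would match the other two functions. All three function bodies begin outside their hunks, so this is based on the visible lines only.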
