
Commit f4b3f61

z_api_demo: Harden zwave_api_demo_callbacks.c by checking snprintf
Checking snprintf results. Reminder: if the output was truncated due to this limit, then the return value is the number of characters (excluding the terminating null byte) which would have been written to the final string if enough space had been available.

This was found using CodeQL: Potential fix for code scanning alerts (6,7,8): Potentially overflowing call to snprintf

Relate-to: SiliconLabsSoftware#100
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Philippe Coval <[email protected]>
1 parent 0b3dc7b commit f4b3f61


1 file changed

+138
-49
lines changed


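--- a/applications/zpc/applications/zwave_api_demo/src/zwave_api_demo_callbacks.c
+++ b/applications/zpc/applications/zwave_api_demo/src/zwave_api_demo_callbacks.c
@@ -11,6 +11,7 @@
 *
 *****************************************************************************/
 
+#include <assert.h>
 #include "zwave_api_demo.h"
 
 #define LOG_TAG "zwapi_api_demo_callbacks"
@@ -26,30 +27,66 @@ void zwapi_demo_application_handler(uint8_t rx_status,
 char message[MAXIMUM_MESSAGE_SIZE];
 uint16_t index = 0;
 
-index += snprintf(message + index,
-sizeof(message) - index,
-"Z-Wave Command received: ");
-index += snprintf(message + index,
-sizeof(message) - index,
-"rx_status: %d - ",
-rx_status);
-index += snprintf(message + index,
-sizeof(message) - index,
-"destination NodeID: %d - ",
-destination_node_id);
-index += snprintf(message + index,
-sizeof(message) - index,
-"source NodeID: %d - ",
-source_node_id);
-index += snprintf(message + index,
-sizeof(message) - index,
-"RSSI value: %d - Payload: ",
-rssi_value);
+int written = snprintf(message + index,
+sizeof(message) - index,
+"Z-Wave Command received: ");
+if (written < 0 || written >= sizeof(message) - index) {
+sl_log_error(LOG_TAG, "Overflow in zwapi_demo_application_handler\n");
+assert(false);
+return;
+}
+index += written;
+written = snprintf(message + index,
+sizeof(message) - index,
+"rx_status: %d - ",
+rx_status);
+if (written < 0 || written >= sizeof(message) - index) {
+sl_log_error(LOG_TAG, "Overflow in zwapi_demo_application_handler\n");
+assert(false);
+return;
+}
+index += written;
+written = snprintf(message + index,
+sizeof(message) - index,
+"destination NodeID: %d - ",
+destination_node_id);
+if (written < 0 || written >= sizeof(message) - index) {
+sl_log_error(LOG_TAG, "Overflow in zwapi_demo_application_handler\n");
+assert(false);
+return;
+}
+index += written;
+written = snprintf(message + index,
+sizeof(message) - index,
+"source NodeID: %d - ",
+source_node_id);
+if (written < 0 || written >= sizeof(message) - index) {
+sl_log_error(LOG_TAG, "Overflow in zwapi_demo_application_handler\n");
+assert(false);
+return;
+}
+index += written;
+written = snprintf(message + index,
+sizeof(message) - index,
+"RSSI value: %d - Payload: ",
+rssi_value);
+if (written < 0 || written >= sizeof(message) - index) {
+sl_log_error(LOG_TAG, "Overflow in zwapi_demo_application_handler\n");
+assert(false);
+return;
+}
+index += written;
 for (uint8_t i = 0; i < zwave_command_length; i++) {
-index += snprintf(message + index,
-sizeof(message) - index,
-"%02X ",
-zwave_command[i]);
+written = snprintf(message + index,
+sizeof(message) - index,
+"%02X ",
+zwave_command[i]);
+if (written < 0 || written >= sizeof(message) - index) {
+sl_log_error(LOG_TAG, "Overflow in zwapi_demo_application_handler\n");
+assert(false);
+return;
+}
+index += written;
 }
 sl_log_debug(LOG_TAG, "%s\n", message);
 }
@@ -64,28 +101,68 @@ void zwapi_demo_application_controller_update(uint8_t status,
 char message[MAXIMUM_MESSAGE_SIZE];
 uint16_t index = 0;
 
-index += snprintf(message + index, sizeof(message) - index, "NIF received: ");
-index += snprintf(message + index,
-sizeof(message) - index,
-"status: %d - ",
-status);
-index += snprintf(message + index,
-sizeof(message) - index,
-"NodeID: %d - ",
-node_id);
-
-index += snprintf(message + index,
-sizeof(message) - index,
-"NWI HomeID: %X - ",
-nwi_home_id);
-
-index += snprintf(message + index, sizeof(message) - index, "NIF Contents:");
-
+int written
+= snprintf(message + index, sizeof(message) - index, "NIF received: ");
+if (written < 0 || written >= sizeof(message) - index) {
+sl_log_error(LOG_TAG,
+"Overflow in zwapi_demo_application_controller_update\n");
+assert(false);
+return;
+}
+index += written;
+written = snprintf(message + index,
+sizeof(message) - index,
+"status: %d - ",
+status);
+if (written < 0 || written >= sizeof(message) - index) {
+sl_log_error(LOG_TAG,
+"Overflow in zwapi_demo_application_controller_update\n");
+assert(false);
+return;
+}
+index += written;
+written = snprintf(message + index,
+sizeof(message) - index,
+"NodeID: %d - ",
+node_id);
+if (written < 0 || written >= sizeof(message) - index) {
+sl_log_error(LOG_TAG,
+"Overflow in zwapi_demo_application_controller_update\n");
+assert(false);
+return;
+}
+index += written;
+written = snprintf(message + index,
+sizeof(message) - index,
+"NWI HomeID: %X - ",
+nwi_home_id);
+if (written < 0 || written >= sizeof(message) - index) {
+sl_log_error(LOG_TAG,
+"Overflow in zwapi_demo_application_controller_update\n");
+assert(false);
+return;
+}
+index += written;
+written = snprintf(message + index, sizeof(message) - index, "NIF Contents:");
+if (written < 0 || written >= sizeof(message) - index) {
+sl_log_error(LOG_TAG,
+"Overflow in zwapi_demo_application_controller_update\n");
+assert(false);
+return;
+}
+index += written;
 for (uint8_t i = 0; i < zwave_nif_length; i++) {
-index += snprintf(message + index,
-sizeof(message) - index,
-"%02X ",
-zwave_nif[i]);
+written = snprintf(message + index,
+sizeof(message) - index,
+"%02X ",
+zwave_nif[i]);
+if (written < 0 || written >= sizeof(message) - index) {
+sl_log_error(LOG_TAG,
+"Overflow in zwapi_demo_application_controller_update\n");
+assert(false);
+return;
+}
+index += written;
 }
 sl_log_debug(LOG_TAG, "%s\n", message);
 }
@@ -305,12 +382,24 @@ void zwapi_demo_zwave_api_started(const uint8_t *buffer, uint8_t buffer_length)
 char message[MAXIMUM_MESSAGE_SIZE];
 uint8_t index = 0;
 
-index += snprintf(message + index,
-sizeof(message) - index,
-"Z-Wave API started. Current NIF: ");
+int written = snprintf(message + index,
+sizeof(message) - index,
+"Z-Wave API started. Current NIF: ");
+if (written < 0 || written >= (int)(sizeof(message) - index)) {
+sl_log_error(LOG_TAG, "Overflow in zwapi_demo_zwave_api_started\n");
+assert(false);
+return;
+}
+index += written;
 for (uint8_t i = 0; i < buffer_length; i++) {
-index
-+= snprintf(message + index, sizeof(message) - index, "%02X ", buffer[i]);
+written
+= snprintf(message + index, sizeof(message) - index, "%02X ", buffer[i]);
+if (written < 0 || written >= (int)(sizeof(message) - index)) {
+sl_log_error(LOG_TAG, "Overflow in zwapi_demo_zwave_api_started\n");
+assert(false);
+return;
+}
+index += written;
 }
 sl_log_info(LOG_TAG, "%s\n", message);
 }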
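Review bot: The overflow branches in all three handlers call `assert(false)` on a condition that depends on the length of the received frame (`zwave_command_length`, `zwave_nif_length`, `buffer_length`), so in a build without NDEBUG a frame too long for `message` aborts the process, and with NDEBUG the handler returns without logging the frame at all. For a log line, truncation is enough: stop appending, log what fits and report that it was cut. The same check is repeated after every append, with an `int`-versus-`size_t` comparison in the first two functions and an `(int)` cast in the third; one static helper taking a `size_t` index removes the repetition and the mismatch, and it also replaces the `uint8_t index` in `zwapi_demo_zwave_api_started`, which would wrap if MAXIMUM_MESSAGE_SIZE (not visible here) is larger than 255. The function signatures lie outside the hunks shown, and the helper needs `<stdarg.h>` and `<stdbool.h>` unless the project header already provides them.

```c
/* Appends formatted text at *index. Returns false when the text does not fit;
 * the buffer is then cut back to the last complete piece. */
static bool message_append(char *message, size_t size, size_t *index,
                           const char *format, ...)
{
  va_list args;
  va_start(args, format);
  int written = vsnprintf(message + *index, size - *index, format, args);
  va_end(args);
  if (written < 0 || (size_t)written >= size - *index) {
    message[*index] = '\0';
    return false;
  }
  *index += (size_t)written;
  return true;
}

/* … in zwapi_demo_application_handler; header fields appended the same way … */
  size_t index = 0;
  for (uint8_t i = 0; i < zwave_command_length; i++) {
    if (!message_append(message, sizeof(message), &index,
                        "%02X ", zwave_command[i])) {
      sl_log_error(LOG_TAG, "Payload truncated in log output\n");
      break;
    }
  }
  sl_log_debug(LOG_TAG, "%s\n", message);
```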
