bt: audio: shell: Fix possible buffer overflow

Check the size of the search argument in cmd_mcc_send_search_raw
before copying it.

Signed-off-by: Flavio Ceolin <[email protected]>
(cherry picked from commit 02e70f5)

Author: Flavio Ceolin

subsys/bluetooth/audio/shell/mcc.c

@@ -1448,9 +1448,16 @@ static int cmd_mcc_send_search_raw(const struct shell *sh, size_t argc,
 				   char *argv[])
 {
 	int result;
+	size_t len;
 	struct mpl_search search;
 
-	search.len = strlen(argv[1]);
+	len = strlen(argv[1]);
+	if (len > sizeof(search.search)) {
+		shell_print(sh, "Fail: Invalid argument");
+		return -EINVAL;
+	}
+
+	search.len = len;
 	memcpy(search.search, argv[1], search.len);
 	LOG_DBG("Search string: %s", argv[1]);