Skip to content

Commit d3ea4f0

Browse files
rzrgithub-advanced-security[bot]
rzr
and
github-advanced-security[bot]
committed
z_api_demo: Harden zwave_api_demo_commands.c by checking snprintf
Checking snprintf results, reminder : If the output was truncated due to this limit, then the return value is the number of characters (excluding the terminating null byte) which would have been written to the final string if enough space had been available This was found using CodeQL Origin: SiliconLabsSoftware#119 Relate-to: SiliconLabsSoftware#100 Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Philippe Coval <philippe.coval@silabs.com>
1 parent 7d28bad commit d3ea4f0

File tree

1 file changed

+57
-15
lines changed

1 file changed

+57
-15
lines changed

applications/zpc/applications/zwave_api_demo/src/zwave_api_demo_commands.c

Lines changed: 57 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,7 @@
1212
*****************************************************************************/
1313

1414
#include "zwave_api_demo.h"
15+
#include <assert.h>
1516
#include <string.h>
1617

1718
extern bool exit_program;
@@ -307,18 +308,32 @@ static sl_status_t request_nif()
307308
static sl_status_t node_list()
308309
{
309310
zwave_nodemask_t node_list = {0};
310-
311+
int written = 0;
311312
sl_status_t command_status = zwapi_get_node_list(node_list);
312313
if (command_status == SL_STATUS_OK) {
313314
char message[MAXIMUM_MESSAGE_SIZE];
314315
uint16_t index = 0;
315-
index
316-
+= snprintf(message + index, sizeof(message) - index, "NodeID List: ");
316+
317+
written
318+
= snprintf(message + index, sizeof(message) - index, "NodeID List: ");
319+
if (written < 0 || written >= (int)(sizeof(message) - index)) {
320+
sl_log_error(LOG_TAG, "Overflow in node_list\n");
321+
assert(false);
322+
return SL_STATUS_WOULD_OVERFLOW;
323+
}
324+
index += written;
325+
317326
for (zwave_node_id_t node_id = ZW_MIN_NODE_ID; node_id <= ZW_LR_MAX_NODE_ID;
318327
node_id++) {
319328
if (ZW_IS_NODE_IN_MASK(node_id, node_list) == 1) {
320-
index
321-
+= snprintf(message + index, sizeof(message) - index, "%d ", node_id);
329+
written
330+
= snprintf(message + index, sizeof(message) - index, "%d ", node_id);
331+
if (written < 0 || written >= (int)(sizeof(message) - index)) {
332+
sl_log_error(LOG_TAG, "Overflow in node_list\n");
333+
assert(false);
334+
return SL_STATUS_WOULD_OVERFLOW;
335+
}
336+
index += written;
322337
}
323338
}
324339
sl_log_info(LOG_TAG, "%s\n", message);
@@ -337,15 +352,28 @@ static sl_status_t failed_node_list()
337352
}
338353
char message[MAXIMUM_MESSAGE_SIZE];
339354
uint16_t index = 0;
340-
index += snprintf(message + index,
341-
sizeof(message) - index,
342-
"Failed NodeID List: ");
355+
int written = snprintf(message + index,
356+
sizeof(message) - index,
357+
"Failed NodeID List: ");
358+
if (written < 0 || written >= (int)(sizeof(message) - index)) {
359+
sl_log_error(LOG_TAG, "Overflow in failed_node_list\n");
360+
assert(false);
361+
return SL_STATUS_WOULD_OVERFLOW;
362+
}
363+
index += written;
364+
343365
for (zwave_node_id_t node_id = ZW_MIN_NODE_ID; node_id <= ZW_LR_MAX_NODE_ID;
344366
node_id++) {
345367
if (ZW_IS_NODE_IN_MASK(node_id, node_list) == 1) {
346368
if (zwapi_is_node_failed(node_id)) {
347-
index
348-
+= snprintf(message + index, sizeof(message) - index, "%d ", node_id);
369+
written
370+
= snprintf(message + index, sizeof(message) - index, "%d ", node_id);
371+
if (written < 0 || written >= (int)(sizeof(message) - index)) {
372+
sl_log_error(LOG_TAG, "Overflow in failed_node_list\n");
373+
assert(false);
374+
return SL_STATUS_WOULD_OVERFLOW;
375+
}
376+
index += written;
349377
}
350378
}
351379
}
@@ -359,17 +387,31 @@ static sl_status_t virtual_node_list()
359387
zwave_nodemask_t node_list = {0};
360388

361389
sl_status_t command_status = zwapi_get_virtual_nodes(node_list);
390+
int written = 0;
362391
if (command_status == SL_STATUS_OK) {
363392
char message[MAXIMUM_MESSAGE_SIZE];
364393
uint16_t index = 0;
365-
index += snprintf(message + index,
366-
sizeof(message) - index,
367-
"Virtual NodeID List: ");
394+
written = snprintf(message + index,
395+
sizeof(message) - index,
396+
"Virtual NodeID List: ");
397+
if (written < 0 || written >= (int)(sizeof(message) - index)) {
398+
sl_log_error(LOG_TAG, "Overflow in virtual_node_list\n");
399+
assert(false);
400+
return SL_STATUS_WOULD_OVERFLOW;
401+
}
402+
index += written;
403+
368404
for (zwave_node_id_t node_id = ZW_MIN_NODE_ID; node_id <= ZW_LR_MAX_NODE_ID;
369405
node_id++) {
370406
if (ZW_IS_NODE_IN_MASK(node_id, node_list) == 1) {
371-
index
372-
+= snprintf(message + index, sizeof(message) - index, "%d ", node_id);
407+
written
408+
= snprintf(message + index, sizeof(message) - index, "%d ", node_id);
409+
if (written < 0 || written >= (int)(sizeof(message) - index)) {
410+
sl_log_error(LOG_TAG, "Overflow in virtual_node_list\n");
411+
assert(false);
412+
return SL_STATUS_WOULD_OVERFLOW;
413+
}
414+
index += written;
373415
}
374416
}
375417
sl_log_info(LOG_TAG, "%s\n", message);

0 commit comments

Comments
 (0)