fix some possible buffer overflows

2020-08-21 10:25:00 +02:00
parent 8b4efadb2a
commit 183b2c3532
7 changed files with 19 additions and 19 deletions
--- a/src/app/weather/weather_fetch.cpp
+++ b/src/app/weather/weather_fetch.cpp
@@ -117,8 +117,8 @@ int weather_fetch_forecast( weather_config_t *weather_config, weather_forcast_t
        snprintf( weather_forecast[ i ].temp, sizeof( weather_forecast[ i ].temp ),"%0.1f°%s", doc["list"][i]["main"]["temp"].as<float>(), weather_units_symbol );
        snprintf( weather_forecast[ i ].humidity, sizeof( weather_forecast[ i ].humidity ),"%f%%", doc["list"][i]["main"]["humidity"].as<float>() );
        snprintf( weather_forecast[ i ].pressure, sizeof( weather_forecast[ i ].pressure ),"%fpha", doc["list"][i]["main"]["pressure"].as<float>() );
-        strcpy( weather_forecast[ i ].icon, doc["list"][i]["weather"][0]["icon"] );
-        strcpy( weather_forecast[ i ].name, doc["city"]["name"] );
+        strlcpy( weather_forecast[ i ].icon, doc["list"][i]["weather"][0]["icon"], sizeof(  weather_forecast[ i ].icon ) );
+        strlcpy( weather_forecast[ i ].name, doc["city"]["name"], sizeof( weather_forecast[ i ].name ) );

        int directionDegree = doc["list"][i]["wind"]["deg"].as<int>();
        int speed = doc["list"][i]["wind"]["speed"].as<int>();
--- a/src/app/weather/weather_setup.cpp
+++ b/src/app/weather/weather_setup.cpp
@@ -250,9 +250,9 @@ static void exit_weather_widget_setup_event_cb( lv_obj_t * obj, lv_event_t event
    switch( event ) {
        case( LV_EVENT_CLICKED ):           keyboard_hide();
                                            weather_config_t *weather_config = weather_get_config();
-                                            strcpy( weather_config->apikey, lv_textarea_get_text( weather_apikey_textfield ) );
-                                            strcpy( weather_config->lat, lv_textarea_get_text( weather_lat_textfield ) );
-                                            strcpy( weather_config->lon, lv_textarea_get_text( weather_lon_textfield ) );
+                                            strlcpy( weather_config->apikey, lv_textarea_get_text( weather_apikey_textfield ), sizeof( weather_config->apikey ) );
+                                            strlcpy( weather_config->lat, lv_textarea_get_text( weather_lat_textfield ), sizeof( weather_config->lat ) );
+                                            strlcpy( weather_config->lon, lv_textarea_get_text( weather_lon_textfield ), sizeof( weather_config->lon ) );
                                            weather_save_config();
                                            weather_jump_to_forecast();
                                            break;
@@ -280,9 +280,9 @@ void bluetooth_message_msg_pharse( char* msg ) {
            if ( !strcmp( doc["app"], "weather" ) ) {

                weather_config_t *weather_config = weather_get_config();
-                strcpy( weather_config->apikey, doc["apikey"] );
-                strcpy( weather_config->lat, doc["lat"] );
-                strcpy( weather_config->lon, doc["lon"] );
+                strlcpy( weather_config->apikey, doc["apikey"], sizeof( weather_config->apikey ) );
+                strlcpy( weather_config->lat, doc["lat"], sizeof( weather_config->lat ) );
+                strlcpy( weather_config->lon, doc["lon"], sizeof( weather_config->lon ) );
                weather_save_config();
                motor_vibe(100);
            }
--- a/src/config.h
+++ b/src/config.h
@@ -32,6 +32,6 @@
    /*
    * firmeware version string
    */
-    #define __FIRMWARE__            "2020082103"
+    #define __FIRMWARE__            "2020082104"

 #endif // _CONFIG_H
--- a/src/gui/mainbar/setup_tile/update/update_check_version.cpp
+++ b/src/gui/mainbar/setup_tile/update/update_check_version.cpp
@@ -74,7 +74,7 @@ int64_t update_check_new_version( char *url ) {
            }
            firmwarehost = tmp_firmwarehost;
        }
-        strcpy( firmwarehost, doc["host"] );
+        strlcpy( firmwarehost, doc["host"], sizeof( firmwarehost ) );
        log_i("firmwarehost: %s", firmwarehost );
    }

@@ -94,7 +94,7 @@ int64_t update_check_new_version( char *url ) {
            }
            firmwarefile = tmp_firmwarefile;
        }
-        strcpy( firmwarefile, doc["file"] );
+        strlcpy( firmwarefile, doc["file"], sizeof( firmwarefile ) );
        log_i("firmwarefile: %s", firmwarefile );
    }

--- a/src/hardware/wifictl.cpp
+++ b/src/hardware/wifictl.cpp
@@ -410,7 +410,7 @@ bool wifictl_insert_network( const char *ssid, const char *password ) {
  // check if existin
  for( int entry = 0 ; entry < NETWORKLIST_ENTRYS; entry++ ) {
    if( !strcmp( ssid, wifictl_networklist[ entry ].ssid ) ) {
-      strncpy( wifictl_networklist[ entry ].password, password, sizeof( wifictl_networklist[ entry ].password ) );
+      strlcpy( wifictl_networklist[ entry ].password, password, sizeof( wifictl_networklist[ entry ].password ) );
      wifictl_save_config();
      WiFi.scanNetworks();
      wifictl_set_event( WIFICTL_SCAN );
@@ -420,8 +420,8 @@ bool wifictl_insert_network( const char *ssid, const char *password ) {
  // check for an emty entry
  for( int entry = 0 ; entry < NETWORKLIST_ENTRYS; entry++ ) {
    if( strlen( wifictl_networklist[ entry ].ssid ) == 0 ) {
-      strncpy( wifictl_networklist[ entry ].ssid, ssid, sizeof( wifictl_networklist[ entry ].ssid ) );
-      strncpy( wifictl_networklist[ entry ].password, password, sizeof( wifictl_networklist[ entry ].password ) );
+      strlcpy( wifictl_networklist[ entry ].ssid, ssid, sizeof( wifictl_networklist[ entry ].ssid ) );
+      strlcpy( wifictl_networklist[ entry ].password, password, sizeof( wifictl_networklist[ entry ].password ) );
      wifictl_save_config();
      WiFi.scanNetworks();
      wifictl_set_event( WIFICTL_SCAN );
@@ -486,10 +486,10 @@ void wifictl_start_wps( void ) {

  esp_wps_config.crypto_funcs = &g_wifi_default_wps_crypto_funcs;
  esp_wps_config.wps_type = ESP_WPS_MODE;
-  strcpy(esp_wps_config.factory_info.manufacturer, ESP_MANUFACTURER);
-  strcpy(esp_wps_config.factory_info.model_number, ESP_MODEL_NUMBER);
-  strcpy(esp_wps_config.factory_info.model_name, ESP_MODEL_NAME);
-  strcpy(esp_wps_config.factory_info.device_name, ESP_DEVICE_NAME);
+  strlcpy( esp_wps_config.factory_info.manufacturer, ESP_MANUFACTURER, sizeof( esp_wps_config.factory_info.manufacturer ) );
+  strlcpy( esp_wps_config.factory_info.model_number, ESP_MODEL_NUMBER, sizeof( esp_wps_config.factory_info.model_number ) );
+  strlcpy( esp_wps_config.factory_info.model_name, ESP_MODEL_NAME, sizeof( esp_wps_config.factory_info.model_name ) );
+  strlcpy( esp_wps_config.factory_info.device_name, ESP_DEVICE_NAME, sizeof( esp_wps_config.factory_info.device_name ) );

  WiFi.mode( WIFI_OFF );
  esp_wifi_stop();
--- a/ttgo-t-watch2020_v1.ino.bin
+++ b/ttgo-t-watch2020_v1.ino.bin
--- a/ttgo-t-watch2020_v1.version.json
+++ b/ttgo-t-watch2020_v1.version.json
@@ -1 +1 @@
-{"version":"2020082103","host":"http://www.neo-guerillaz.de","file":"ttgo-t-watch2020_v1.ino.bin"}
+{"version":"2020082104","host":"http://www.neo-guerillaz.de","file":"ttgo-t-watch2020_v1.ino.bin"}