Skip to content

Commit

Permalink
bt: audio: shell: Fix possible buffer overflow
Browse files Browse the repository at this point in the history 
Check the size of the search argument in cmd_media_set_search
before copying it.

Signed-off-by: Flavio Ceolin <[email protected]>
  • Loading branch information
@fabiobaltieri
Flavio Ceolin authored and fabiobaltieri committed Jul 20, 2023
1 parent 02e70f5 commit e55af04
Showing 1 changed file with 8 additions and 1 deletion.
9 changes: 8 additions & 1 deletion subsys/bluetooth/audio/shell/media_controller.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1230,9 +1230,16 @@ static int cmd_media_set_search(const struct shell *sh, size_t argc, char *argv[
*/

struct mpl_search search;
size_t len;
int err;

search.len = strlen(argv[1]);
len = strlen(argv[1]);
if (len > sizeof(search.search)) {
shell_print(sh, "Fail: Invalid argument");
return -EINVAL;
}

search.len = len;
memcpy(search.search, argv[1], search.len);
LOG_DBG("Search string: %s", argv[1]);

Expand Down

0 comments on commit e55af04

Please sign in to comment.