Received: by 2002:ab2:6816:0:b0:1f9:5764:f03e with SMTP id t22csp153596lqo; Thu, 16 May 2024 02:08:19 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCXd6uJG8YL8zAQgr3B5giF3LUcJJ4mQkmn0oEl2WepCAEDz/uf24dKhFzsq53T/QzKMav6zFdjzhxCMy/cJitC69I6qE4luablr443QHA== X-Google-Smtp-Source: AGHT+IGbpd88LYnEALGc4RUsOtpspNb78d5R07knwYlYrbjrfxf7AaWfm/9kfL4LZ3RU6BBu8vln X-Received: by 2002:a17:90a:d157:b0:2b2:d375:3b7c with SMTP id 98e67ed59e1d1-2b6ccc73104mr17273180a91.31.1715850498769; Thu, 16 May 2024 02:08:18 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1715850498; cv=pass; d=google.com; s=arc-20160816; b=bfTPBQCQTVgyEhc3WkSkzavyn/A+ASBlR8kKgRzma29UKcTtCiJDjb/uG0PUR20dK0 c676N7X4cr9p+0tJYrIWPfK+3gD5ZnqaWJeGqdwbgsGW5LnH5UbLZ5rAVJqZztQoV+9a N3G0cqECLj7mWOFj4d8A9uWotv3ySN+HPi0kuCGuTpPDjJAMu9gDlPejOLAqMydBchQB c7zR7ioB/vdGh3JvsKxDRttL4IkTlqJ9VIifclhrPYU6EAb3KmVtUxJfk4TMwHBQMRdX mhmUeSRTB0aBGJ/IzOB5UEtr0qiIzhchSwDM3Yvj81VQ/08FOigt9Ou+3yd9y4JTD2Ti qxeQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from; bh=rVi983OlfcQ8RGzbWjdR8N2vmZuoKtQogyoE0u3tiI8=; fh=uo5u2TQK/HQlhydMwGLjBAnuDwaLxndJ/cgWTjIagS8=; b=A/SsqQIwTcYASws32ZTijna8mtbKk5/1AAVf7k/pPD/DRaVaxCObNggUWqAVxnE0rh QM/CNRgAp4bOXzNvcxMydZiwALmCVU2JfFHmygsz8WIeEpaJEkZZ4mn2mU0+HyR29rCK cPVIyuKnUULLqMnOwkiPst/Q+Cn/xRbcLqHR8iOwEhriFt9lOKq3aydWkIQcuj6TK/eQ 54uOhrDIRKiCREA+HxbMAWvfur6rqtRTogfZfxt95NTxcuNck95jahxdfKc2ZnfVNTP5 Vlx0ESbjfGRLRgrI4kia+EthImJWdN1I9jhDJfuzavfZB62pJ/iPIVRb9H4XfWKx7Wfi TEXQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; arc=pass (i=1 spf=pass spfdomain=hadess.net); spf=pass (google.com: domain of linux-bluetooth+bounces-4697-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-bluetooth+bounces-4697-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1]) by mx.google.com with ESMTPS id 98e67ed59e1d1-2b9df19cc20si3059671a91.23.2024.05.16.02.08.18 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 16 May 2024 02:08:18 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-bluetooth+bounces-4697-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1; Authentication-Results: mx.google.com; arc=pass (i=1 spf=pass spfdomain=hadess.net); spf=pass (google.com: domain of linux-bluetooth+bounces-4697-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-bluetooth+bounces-4697-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 76360B2383C for ; Thu, 16 May 2024 09:04:34 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 7E1ED143757; Thu, 16 May 2024 09:03:53 +0000 (UTC) X-Original-To: linux-bluetooth@vger.kernel.org Received: from relay5-d.mail.gandi.net (relay5-d.mail.gandi.net [217.70.183.197]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 94618143723 for ; Thu, 16 May 2024 09:03:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=217.70.183.197 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715850233; cv=none; b=uMFjekW/rypUxXIDes9sQMTPT71ELJAvyM58xKsXCSRKA0c8sVawj23o8CyKmhd6y7s6t7BOc+cQRjG41guGq/DRa7CFNGFBzwHQjWifDSJGgpK53HqWIunO9i0FMNxmvAcywZ72/YGfBmEMMlbkEjWFvFEBVnoSFLejuw6ncd0= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715850233; c=relaxed/simple; bh=Jk9CuUK1Vq4XCmvzya9AeYL6PQDfubXCa0q6QxXAV2s=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=G6vV914t1tAstgTJK+S7KWuYvsWJKkOOZNxa53p99NajrkCIpfD2hNf2ho+ZqG++YtlTSZjQNMRQymhXTFvuVG+kMv5BXpQI7Nb58VmmkKbs4ssYGuSgYVrGvGvn2OKsGCnhjmS3V2U381ejQAEYSuzXowMNLrYrHny+SG7GYPE= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hadess.net; spf=pass smtp.mailfrom=hadess.net; arc=none smtp.client-ip=217.70.183.197 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hadess.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=hadess.net Received: by mail.gandi.net (Postfix) with ESMTPSA id D63DB1C001A; Thu, 16 May 2024 09:03:44 +0000 (UTC) From: Bastien Nocera To: linux-bluetooth@vger.kernel.org Cc: Bastien Nocera Subject: [BlueZ 13/15] gdbus: Check sprintf retval Date: Thu, 16 May 2024 11:03:17 +0200 Message-ID: <20240516090340.61417-14-hadess@hadess.net> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240516090340.61417-1-hadess@hadess.net> References: <20240516090340.61417-1-hadess@hadess.net> Precedence: bulk X-Mailing-List: linux-bluetooth@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-GND-Sasl: hadess@hadess.net Error: SNYK_CODE_WARNING (CWE-125): [#def63] [important] bluez-5.75/gdbus/watch.c:131:11: error[cpp/NegativeIndex]: The value from snprintf, a standard library function that can return a negative value is used as an index. A negative array index can lead to reading or writing outside the bounds of the array. Ensure the value of the index used is within bounds before use. 129| int offset; 130| 131|-> offset = snprintf(rule, size, "type='signal'"); 132| sender = data->name ? : data->owner; 133| --- gdbus/watch.c | 46 ++++++++++++++++++++++++++++++++++------------ 1 file changed, 34 insertions(+), 12 deletions(-) diff --git a/gdbus/watch.c b/gdbus/watch.c index 25f367613a52..22f77ea72861 100644 --- a/gdbus/watch.c +++ b/gdbus/watch.c @@ -123,29 +123,51 @@ static struct filter_data *filter_data_find(DBusConnection *connection) return NULL; } -static void format_rule(struct filter_data *data, char *rule, size_t size) +static gboolean format_rule(struct filter_data *data, char *rule, size_t size) { const char *sender; - int offset; + int offset, ret; offset = snprintf(rule, size, "type='signal'"); + if (offset < 0) + return FALSE; sender = data->name ? : data->owner; - if (sender) - offset += snprintf(rule + offset, size - offset, + if (sender) { + ret = snprintf(rule + offset, size - offset, ",sender='%s'", sender); - if (data->path) - offset += snprintf(rule + offset, size - offset, + if (ret < 0) + return FALSE; + offset += ret; + } + if (data->path) { + ret = snprintf(rule + offset, size - offset, ",path='%s'", data->path); - if (data->interface) - offset += snprintf(rule + offset, size - offset, + if (ret < 0) + return FALSE; + offset += ret; + } + if (data->interface) { + ret = snprintf(rule + offset, size - offset, ",interface='%s'", data->interface); - if (data->member) - offset += snprintf(rule + offset, size - offset, + if (ret < 0) + return FALSE; + offset += ret; + } + if (data->member) { + ret = snprintf(rule + offset, size - offset, ",member='%s'", data->member); - if (data->argument) - snprintf(rule + offset, size - offset, + if (ret < 0) + return FALSE; + offset += ret; + } + if (data->argument) { + ret = snprintf(rule + offset, size - offset, ",arg0='%s'", data->argument); + if (ret < 0) + return FALSE; + } + return TRUE; } static gboolean add_match(struct filter_data *data, -- 2.44.0