projects / platform / core / api / bluetooth.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: cffcb69)
Use strtoul instead of strtol to prevent overflow. 28/188728/1
authorWootak Jung <wootak.jung@samsung.com>
Thu, 6 Sep 2018 01:41:25 +0000 (10:41 +0900)
committerWootak Jung <wootak.jung@samsung.com>
Mon, 10 Sep 2018 01:47:40 +0000 (10:47 +0900)
Change-Id: Icbcebc336c49c90d962d05e4e57858e103d1eb5e

src/bluetooth-adapter.c patch | blob | history

diff --git a/src/bluetooth-adapter.c b/src/bluetooth-adapter.c
index 93ee00e..f53f221 100644 (file)
--- a/src/bluetooth-adapter.c
+++ b/src/bluetooth-adapter.c
@@ -1757,10 +1757,9 @@ static int __bt_convert_string_to_uuid(const char *string,
 
        if (strlen(string) == 4)  { /* 16 bit uuid */
                unsigned short val;
-               char *stop;
-               data = g_malloc0(sizeof(char) *2);
+               data = g_malloc0(sizeof(char) * 2);
 
-               val = strtol(string, &stop, 16);
+               val = (unsigned short)strtoul(string, NULL, 16);
                val = htons(val);
                memcpy(data, &val, 2);
                *uuid = data;
@@ -1775,12 +1774,11 @@ static int __bt_convert_string_to_uuid(const char *string,
                char str_ptr[37] = { 0 };
                char *ptr[7];
                char *next_ptr;
-               char *stop;
                int idx = 0;
 
                unsigned int val0, val4;
                unsigned short val1, val2, val3, val5;
-               data = g_malloc0(sizeof(char) *16);
+               data = g_malloc0(sizeof(char) * 16);
 
                /* UUID format : %08x-%04hx-%04hx-%04hx-%08x%04hx */
                strncpy(str_ptr, string, 36);
@@ -1798,12 +1796,12 @@ static int __bt_convert_string_to_uuid(const char *string,
                strncpy(ptr[5], ptr[4], 8);
                strncpy(ptr[6], ptr[4] + 8, 4);
 
-               val0 = strtol(ptr[0], &stop, 16);
-               val1 = strtol(ptr[1], &stop, 16);
-               val2 = strtol(ptr[2], &stop, 16);
-               val3 = strtol(ptr[3], &stop, 16);
-               val4 = strtol(ptr[5], &stop, 16);
-               val5 = strtol(ptr[6], &stop, 16);
+               val0 = (unsigned int)strtoul(ptr[0], NULL, 16);
+               val1 = (unsigned short)strtoul(ptr[1], NULL, 16);
+               val2 = (unsigned short)strtoul(ptr[2], NULL, 16);
+               val3 = (unsigned short)strtoul(ptr[3], NULL, 16);
+               val4 = (unsigned int)strtoul(ptr[5], NULL, 16);
+               val5 = (unsigned short)strtoul(ptr[6], NULL, 16);
 
                val0 = htonl(val0);
                val1 = htons(val1);
Domain: Network & Connectivity / Bluetooth;