From 8bbbd10b6a4e148c03632f8a1317c788ac97a439 Mon Sep 17 00:00:00 2001 From: Wootak Jung Date: Thu, 6 Sep 2018 10:41:25 +0900 Subject: [PATCH] Use strtoul instead of strtol to prevent overflow. Change-Id: Icbcebc336c49c90d962d05e4e57858e103d1eb5e --- src/bluetooth-adapter.c | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/src/bluetooth-adapter.c b/src/bluetooth-adapter.c index 93ee00e..f53f221 100644 --- a/src/bluetooth-adapter.c +++ b/src/bluetooth-adapter.c @@ -1757,10 +1757,9 @@ static int __bt_convert_string_to_uuid(const char *string, if (strlen(string) == 4) { /* 16 bit uuid */ unsigned short val; - char *stop; - data = g_malloc0(sizeof(char) *2); + data = g_malloc0(sizeof(char) * 2); - val = strtol(string, &stop, 16); + val = (unsigned short)strtoul(string, NULL, 16); val = htons(val); memcpy(data, &val, 2); *uuid = data; @@ -1775,12 +1774,11 @@ static int __bt_convert_string_to_uuid(const char *string, char str_ptr[37] = { 0 }; char *ptr[7]; char *next_ptr; - char *stop; int idx = 0; unsigned int val0, val4; unsigned short val1, val2, val3, val5; - data = g_malloc0(sizeof(char) *16); + data = g_malloc0(sizeof(char) * 16); /* UUID format : %08x-%04hx-%04hx-%04hx-%08x%04hx */ strncpy(str_ptr, string, 36); @@ -1798,12 +1796,12 @@ static int __bt_convert_string_to_uuid(const char *string, strncpy(ptr[5], ptr[4], 8); strncpy(ptr[6], ptr[4] + 8, 4); - val0 = strtol(ptr[0], &stop, 16); - val1 = strtol(ptr[1], &stop, 16); - val2 = strtol(ptr[2], &stop, 16); - val3 = strtol(ptr[3], &stop, 16); - val4 = strtol(ptr[5], &stop, 16); - val5 = strtol(ptr[6], &stop, 16); + val0 = (unsigned int)strtoul(ptr[0], NULL, 16); + val1 = (unsigned short)strtoul(ptr[1], NULL, 16); + val2 = (unsigned short)strtoul(ptr[2], NULL, 16); + val3 = (unsigned short)strtoul(ptr[3], NULL, 16); + val4 = (unsigned int)strtoul(ptr[5], NULL, 16); + val5 = (unsigned short)strtoul(ptr[6], NULL, 16); val0 = htonl(val0); val1 = htons(val1); -- 2.7.4