From 60daed79dbd2fd4da6e60d4e8dd50914075ff212 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Tue, 12 Jan 2016 23:35:06 +0100 Subject: [PATCH] FIX: Coverity, out-of-bounds write, CID#121340, CID#121341, CID#121342, CID#121343, wrong size in check, sprintf always adds a null terminator, so if filepath would have been 996 chars long, this might had happend... but no more. --- client/cmdhfmf.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/client/cmdhfmf.c b/client/cmdhfmf.c index a322e664..abc88b86 100644 --- a/client/cmdhfmf.c +++ b/client/cmdhfmf.c @@ -1364,7 +1364,7 @@ int CmdHF14AMfELoad(const char *Cmd) len = param_getstr(Cmd,nameParamNo,filename); - if (len > FILE_PATH_SIZE - 4) len = FILE_PATH_SIZE - 4; + if (len > FILE_PATH_SIZE - 5) len = FILE_PATH_SIZE - 5; fnameptr += len; @@ -1461,7 +1461,7 @@ int CmdHF14AMfESave(const char *Cmd) len = param_getstr(Cmd,nameParamNo,filename); - if (len > FILE_PATH_SIZE - 4) len = FILE_PATH_SIZE - 4; + if (len > FILE_PATH_SIZE - 5) len = FILE_PATH_SIZE - 5; // user supplied filename? if (len < 1) { @@ -1738,7 +1738,7 @@ int CmdHF14AMfCLoad(const char *Cmd) return 0; } else { len = strlen(Cmd); - if (len > FILE_PATH_SIZE - 4) len = FILE_PATH_SIZE - 4; + if (len > FILE_PATH_SIZE - 5) len = FILE_PATH_SIZE - 5; memcpy(filename, Cmd, len); fnameptr += len; @@ -1908,7 +1908,7 @@ int CmdHF14AMfCSave(const char *Cmd) { return 0; } else { len = strlen(Cmd); - if (len > FILE_PATH_SIZE - 4) len = FILE_PATH_SIZE - 4; + if (len > FILE_PATH_SIZE - 5) len = FILE_PATH_SIZE - 5; // get filename based on UID if (len < 1) { -- 2.39.2