rbxii3/firmware
1
0
Fork 0
mirror of https://github.com/meshtastic/firmware.git synced 2025-12-19 09:12:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

Added bounds checking to memcpy and use memory-safe strlcpy (#6351)

Browse Source 
* Added bounds checking to memcpy and use memory-safe strlcpy for reading serial data in processWXSerial() function.

* Fixed linting with trunk
This commit is contained in:
raulperdomo
2025-03-20 11:40:13 -04:00
committed by GitHub
parent 46235f6f8b
commit 0d95b1afcc
1 changed files with 68 additions and 66 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
src/modules/SerialModule.cpp
View File

@@ -468,6 +468,7 @@ void SerialModule::processWXSerial()
// Extract the current line
char line[meshtastic_Constants_DATA_PAYLOAD_LEN];
memset(line, '\0', sizeof(line));
if (lineEnd - lineStart < sizeof(line) - 1) {
memcpy(line, &serialBytes[lineStart], lineEnd - lineStart);
if (strstr(line, "Wind") != NULL) // we have a wind line
{
@@ -479,14 +480,14 @@ void SerialModule::processWXSerial()
if (windDirPos != NULL) {
// Extract data after "=" for WindDir
strcpy(windDir, windDirPos + 15); // Add 15 to skip "WindDir = "
strlcpy(windDir, windDirPos + 15, sizeof(windDir)); // Add 15 to skip "WindDir = "
double radians = GeoCoord::toRadians(strtof(windDir, nullptr));
dir_sum_sin += sin(radians);
dir_sum_cos += cos(radians);
dirCount++;
} else if (windSpeedPos != NULL) {
// Extract data after "=" for WindSpeed
strcpy(windVel, windSpeedPos + 15); // Add 15 to skip "WindSpeed = "
strlcpy(windVel, windSpeedPos + 15, sizeof(windVel)); // Add 15 to skip "WindSpeed = "
float newv = strtof(windVel, nullptr);
velSum += newv;
velCount++;
@@ -494,7 +495,7 @@ void SerialModule::processWXSerial()
lull = newv;
} else if (windGustPos != NULL) {
strcpy(windGust, windGustPos + 15); // Add 15 to skip "WindSpeed = "
strlcpy(windGust, windGustPos + 15, sizeof(windGust)); // Add 15 to skip "WindSpeed = "
float newg = strtof(windGust, nullptr);
if (newg > gust)
gust = newg;
@@ -504,21 +505,21 @@ void SerialModule::processWXSerial()
} else if (strstr(line, "BatVoltage") != NULL) { // we have a battVoltage line
char *batVoltagePos = strstr(line, "BatVoltage = ");
if (batVoltagePos != NULL) {
strcpy(batVoltage, batVoltagePos + 17); // 18 for ws 80, 17 for ws85
strlcpy(batVoltage, batVoltagePos + 17, sizeof(batVoltage)); // 18 for ws 80, 17 for ws85
batVoltageF = strtof(batVoltage, nullptr);
break; // last possible data we want so break
}
} else if (strstr(line, "CapVoltage") != NULL) { // we have a cappVoltage line
char *capVoltagePos = strstr(line, "CapVoltage = ");
if (capVoltagePos != NULL) {
strcpy(capVoltage, capVoltagePos + 17); // 18 for ws 80, 17 for ws85
strlcpy(capVoltage, capVoltagePos + 17, sizeof(capVoltage)); // 18 for ws 80, 17 for ws85
capVoltageF = strtof(capVoltage, nullptr);
}
// GXTS04Temp = 24.4
} else if (strstr(line, "GXTS04Temp") != NULL) { // we have a temperature line
char *tempPos = strstr(line, "GXTS04Temp = ");
if (tempPos != NULL) {
strcpy(temperature, tempPos + 15); // 15 spaces for ws85
strlcpy(temperature, tempPos + 15, sizeof(temperature)); // 15 spaces for ws85
temperatureF = strtof(temperature, nullptr);
}
@@ -526,7 +527,7 @@ void SerialModule::processWXSerial()
// LOG_INFO(line);
char *pos = strstr(line, "RainIntSum = ");
if (pos != NULL) {
strcpy(rainStr, pos + 17); // 17 spaces for ws85
strlcpy(rainStr, pos + 17, sizeof(rainStr)); // 17 spaces for ws85
rainSum = int(strtof(rainStr, nullptr));
}
@@ -535,7 +536,7 @@ void SerialModule::processWXSerial()
// LOG_INFO(line);
char *pos = strstr(line, "Rain = ");
if (pos != NULL) {
strcpy(rainStr, pos + 17); // 17 spaces for ws85
strlcpy(rainStr, pos + 17, sizeof(rainStr)); // 17 spaces for ws85
rain = strtof(rainStr, nullptr);
}
}
@@ -545,6 +546,7 @@ void SerialModule::processWXSerial()
lineStart = lineEnd + 1;
}
}
}
break;
// clear the input buffer
while (Serial2.available() > 0) {