Fix potential buffer overflow

cnlohr · Mar 2, 2025 · 7448e9e · 7448e9e
1 parent 5370f51
commit 7448e9e
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 22 deletions.
diff --git a/minichlink/minichlink.c b/minichlink/minichlink.c
@@ -380,7 +380,7 @@ int main( int argc, char ** argv )
 				{
 					uint8_t buffer[256];
 #if TERMINAL_INPUT_BUFFER
-					char print_buf[300]; // Buffer that is filled with everything and will be written to stdout (basically it's for formatting)
+					char print_buf[TERMINAL_BUFFER_SIZE]; // Buffer that is filled with everything and will be written to stdout (basically it's for formatting)
 					uint8_t update = 0;
 #endif
 					if( !IsGDBServerInShadowHaltState( dev ) )
@@ -417,17 +417,11 @@ int main( int argc, char ** argv )
 							}
 							if( to_send == 0 )
 							{
-								strcpy( print_buf, TERMINAL_CLEAR_CUR );
-								strcat( print_buf, TERMIANL_INPUT_SENT );
-								strcat( print_buf, input_buf );
-								strcat( print_buf, "\n" );
-								strcat( print_buf, pline_buf );
-								strcat( print_buf, TERMINAL_SEND_LABEL );
+                snprintf(print_buf, TERMINAL_BUFFER_SIZE - 1, "%s%s%s\n%s%s", TERMINAL_CLEAR_CUR, TERMIANL_INPUT_SENT, input_buf, pline_buf, TERMINAL_SEND_LABEL);
 								fwrite( print_buf, strlen( print_buf ), 1, stdout );
 								fflush( stdout );
 								input_pos = 0;
-								input_buf[0] = 0;
-								// memset( input_buf, 0, sizeof( input_buf ) );
+								memset( input_buf, 0, sizeof( input_buf ) );
 							}
 							appendword |= i + 4;
 						}
@@ -448,10 +442,10 @@ int main( int argc, char ** argv )
 #if TERMINAL_INPUT_BUFFER
 						if( ( r == -1 || r == 0 ) && update > 0 )
 						{
-							strcpy( print_buf, TERMINAL_CLEAR_CUR );
-							if ( to_send > 0 ) strcat( print_buf, TERMINAL_DIM );
-							strcat( print_buf, TERMINAL_SEND_LABEL );
-							strcat( print_buf, input_buf );
+							strncpy( print_buf, TERMINAL_CLEAR_CUR, TERMINAL_BUFFER_SIZE - 1 );
+							if ( to_send > 0 ) strncat( print_buf, TERMINAL_DIM, TERMINAL_BUFFER_SIZE - 1 - strlen(print_buf) );
+							strncat( print_buf, TERMINAL_SEND_LABEL, TERMINAL_BUFFER_SIZE - 1 - strlen(print_buf) );
+							strncat( print_buf, input_buf, TERMINAL_BUFFER_SIZE - 1 - strlen(print_buf) );
 							fwrite( print_buf, strlen( print_buf ), 1, stdout );
 							fflush( stdout );
 						}
@@ -471,13 +465,13 @@ int main( int argc, char ** argv )
 #if TERMINAL_INPUT_BUFFER
 							uint8_t new_line = 0;
 							if( buffer[r - 1] == '\n' ) new_line = 1;
-							if( new_line == 0 ) strcpy( print_buf, TERMINAL_CLEAR_PREV ); //  Go one line up and erase it
-							else strcpy( print_buf, TERMINAL_CLEAR_CUR ); // Go to the start of the line and erase it
-							strncat( pline_buf, (char *)buffer, r ); // Add newely received chars to line buffer
-							strcat( print_buf, pline_buf ); // Add line to buffer
-							if( to_send > 0 ) strcat( print_buf, TERMINAL_DIM );
-							strcat( print_buf, TERMINAL_SEND_LABEL ); // Print styled "Send" label
-							strcat( print_buf, input_buf ); // Print current input
+							if( new_line == 0 ) strncpy( print_buf, TERMINAL_CLEAR_PREV, TERMINAL_BUFFER_SIZE - 1 ); //  Go one line up and erase it
+							else strncpy( print_buf, TERMINAL_CLEAR_CUR, TERMINAL_BUFFER_SIZE - 1 ); // Go to the start of the line and erase it
+							strncat( pline_buf, (char *)buffer, TERMINAL_BUFFER_SIZE - 1 - strlen(print_buf) ); // Add newely received chars to line buffer
+							strncat( print_buf, pline_buf, TERMINAL_BUFFER_SIZE - 1 - strlen(print_buf) ); // Add line to buffer
+							if( to_send > 0 ) strncat( print_buf, TERMINAL_DIM, TERMINAL_BUFFER_SIZE - 1 - strlen(print_buf) );
+							strncat( print_buf, TERMINAL_SEND_LABEL, TERMINAL_BUFFER_SIZE - 1 - strlen(print_buf) ); // Print styled "Send" label
+							strncat( print_buf, input_buf, TERMINAL_BUFFER_SIZE - 1 - strlen(print_buf) ); // Print current input
 							fwrite( print_buf, strlen( print_buf ), 1, stdout );
 							print_buf[0] = 0;
 							if( new_line == 1 ) pline_buf[0] = 0;

diff --git a/minichlink/minichlink.h b/minichlink/minichlink.h
@@ -195,7 +195,11 @@ struct InternalState
 	#define DLLDECORATE
 #endif
 
-#define TERMINAL_INPUT_BUFFER 1
+#ifndef TERMINAL_INPUT_BUFFER
+#define TERMINAL_INPUT_BUFFER 0
+#endif
+
+#define TERMINAL_BUFFER_SIZE 512
 
 #define STR_(x) #x
 #define STR(x) STR_(x)
@@ -206,7 +210,6 @@ struct InternalState
 #endif
 
 #define TERMIANL_INPUT_SENT "\x1b[1F\x1b[2K\x1b[2K\033[38;" STR(TERMINAL_ACCENT_COLOR) "m> "
-#define TERMINAL_SEND_LABEL_N "\033[7m\033[1m\033[38;" STR(TERMINAL_ACCENT_COLOR) "mSend:\x1b[0m "
 #define TERMINAL_SEND_LABEL "\n\x1b[2K\033[7m\033[1m\033[38;" STR(TERMINAL_ACCENT_COLOR) "mSend:\x1b[0m "
 #define TERMINAL_SEND_BUSY "\n\x1b[2K\033[7m\033[1m\033[2m\033[38;" STR(TERMINAL_ACCENT_COLOR) "mSend:\x1b[0m "
 #define TERMINAL_CLEAR_PREV "\x1b[1F\x1b[2K"