From 89e7033830bd73a35f4bb2faf14ccf06f3785712 Mon Sep 17 00:00:00 2001
From: JF <jf@codingfield.com>
Date: Sun, 28 Jun 2020 11:59:14 +0200
Subject: Fix buffer overflow opportunities in AlertNotificationService &
 AlertNotificationClient.

---
 src/Components/Ble/NotificationManager.cpp | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'src/Components/Ble/NotificationManager.cpp')

diff --git a/src/Components/Ble/NotificationManager.cpp b/src/Components/Ble/NotificationManager.cpp
index 2e02cb15..0aea0697 100644
--- a/src/Components/Ble/NotificationManager.cpp
+++ b/src/Components/Ble/NotificationManager.cpp
@@ -4,11 +4,12 @@
 using namespace Pinetime::Controllers;
 
 void NotificationManager::Push(Pinetime::Controllers::NotificationManager::Categories category,
-                                                      const char *message, uint8_t messageSize) {
+                                                      const char *message, uint8_t currentMessageSize) {
   // TODO handle edge cases on read/write index
+  auto checkedSize = std::min(currentMessageSize, uint8_t{18});
   auto& notif = notifications[writeIndex];
-  std::memcpy(notif.message.data(), message, messageSize);
-  notif.message[messageSize] = '\0';
+  std::memcpy(notif.message.data(), message, checkedSize);
+  notif.message[checkedSize] = '\0';
   notif.category = category;
 
   writeIndex = (writeIndex + 1 < TotalNbNotifications) ? writeIndex + 1 : 0;
-- 
cgit v1.2.3