Fix sonar flagged bugs

[ric-plt/lib/rmr.git] / src / rmr / common / src / mbuf_api.c

diff --git a/src/rmr/common/src/mbuf_api.c b/src/rmr/common/src/mbuf_api.c
index f730958..029dd74 100644 (file)
--- a/src/rmr/common/src/mbuf_api.c
+++ b/src/rmr/common/src/mbuf_api.c
@@ -23,7 +23,7 @@
        Abstract:       These are common functions which work only on the mbuf and
                                thus (because they do not touch an endpoint or context)
                                can be agnostic to the underlying transport, or the transport
-                               layer provides a transport specific function (e.g. payload 
+                               layer provides a transport specific function (e.g. payload
                                reallocation).
 
        Author:         E. Scott Daniels
@@ -53,6 +53,12 @@
                EINVAL id poitner, buf or buf header are bad.
                EOVERFLOW if the bytes given would have overrun
 
+       We have been told that the meid will be a string, so we enforce that even if
+       the user is copying in bytes.  We will add a 0 byte at len+1 when len is less
+       than the field size, or as the last byte (doing damage to their string) if
+       the caller didn't play by the rules. If they pass a non-nil terminated set
+       of bytes which are the field length, we'll indicate truncation.
+
 */
 extern int rmr_bytes2meid( rmr_mbuf_t* mbuf, unsigned char const* src, int len ) {
        uta_mhdr_t* hdr;
@@ -71,6 +77,15 @@ extern int rmr_bytes2meid( rmr_mbuf_t* mbuf, unsigned char const* src, int len )
        hdr = (uta_mhdr_t *) mbuf->header;
        memcpy( hdr->meid, src, len );
 
+       if( len == RMR_MAX_MEID ) {
+               if( *(hdr->meid+len-1) != 0 ) {
+                       *(hdr->meid+len-1) = 0;
+                       errno = EOVERFLOW;
+               }
+       } else {
+               *(hdr->meid+len) = 0;
+       }
+
        return len;
 }
 
@@ -224,7 +239,7 @@ extern unsigned char*  rmr_get_xact( rmr_mbuf_t* mbuf, unsigned char* dest ) {
 }
 
 /*
-       Extracts the meid (managed equipment) from the header and copies the bytes
+       Extracts the meid (managed entity) from the header and copies the bytes
        to the user supplied area. If the user supplied pointer is nil, then
        a buffer will be allocated and it is the user's responsibilty to free.
        A pointer is returned to the destination memory (allocated or not)
@@ -414,7 +429,7 @@ extern unsigned char* rmr_get_src( rmr_mbuf_t* msg, unsigned char* dest ) {
 
        if( dest != NULL ) {
                hdr = msg->header;
-               strcpy( dest, hdr->src );
+               strncpy( dest, hdr->src, RMR_MAX_SRC );
        }
 
        return dest;
@@ -438,11 +453,11 @@ extern unsigned char* rmr_get_srcip( rmr_mbuf_t* msg, unsigned char* dest ) {
                hdr = msg->header;
                if( HDR_VERSION( msg->header ) > 2 ) {          // src ip was not present in hdr until ver 3
                        errno = 0;
-                       strcpy( dest, hdr->srcip );
+                       strncpy( dest, hdr->srcip, RMR_MAX_SRC );
                        rstr = dest;
                } else  {
                        errno = 0;
-                       strcpy( dest, hdr->src );                               // reutrn the name:port for old messages
+                       strncpy( dest, hdr->src, RMR_MAX_SRC );                         // reutrn the name:port for old messages
                        rstr = dest;
                }
        }