From 3f6fed8eca790138e9ac80cb3b38b6791269982b Mon Sep 17 00:00:00 2001
From: William Wilgus <me.theuser@yahoo.com>
Date: Wed, 7 Nov 2018 23:29:59 -0500
Subject: Fix potential buffer overflow in settings.c

Change-Id: Ie8953e3ffc5188685f1ea056863bfbdb817080a7
---
 apps/settings.c | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/apps/settings.c b/apps/settings.c
index 9f3047e9df..2d38c4a5ef 100644
--- a/apps/settings.c
+++ b/apps/settings.c
@@ -402,8 +402,8 @@ bool cfg_int_to_string(int setting_id, int val, char* buf, int buf_len)
                     strlcpy(buf, start, buf_len);
                 else
                 {
-                    int len = (buf_len > (end-start))? end-start: buf_len;
-                    strlcpy(buf, start, len+1);
+                    int len = MIN(buf_len, (end-start) + 1);
+                    strlcpy(buf, start, len);
                 }
                 return true;
             }
@@ -430,8 +430,8 @@ bool cfg_int_to_string(int setting_id, int val, char* buf, int buf_len)
         strlcpy(buf, start, buf_len);
     else
     {
-        int len = (buf_len > (end-start))? end-start: buf_len;
-        strlcpy(buf, start, len+1);
+        int len = MIN(buf_len, (end-start) + 1);
+        strlcpy(buf, start, len);
     }
     return true;
 }
@@ -494,8 +494,11 @@ bool cfg_to_string(int i/*setting_id*/, char* buf, int buf_len)
                             settings[i].filename_setting->suffix);
                 }
             }
-            else strlcpy(buf,(char*)settings[i].setting,
-                         settings[i].filename_setting->max_len);
+            else
+            {
+                int len = MIN(buf_len, settings[i].filename_setting->max_len);
+                strlcpy(buf,(char*)settings[i].setting,len);
+            }
             break;
     } /* switch () */
     return true;
-- 
cgit v1.2.3