From 66c28a2e6e48348a2fc2952410a9b802408b84bb Mon Sep 17 00:00:00 2001
From: Thomas Basler <thomas@familie-basler.net>
Date: Tue, 13 Sep 2022 21:20:08 +0200
Subject: [PATCH] Replace strcpy by strlcpy

---
 src/WebApi_mqtt.cpp    | 20 ++++++++++----------
 src/WebApi_network.cpp |  6 +++---
 src/WebApi_ntp.cpp     |  6 +++---
 3 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/src/WebApi_mqtt.cpp b/src/WebApi_mqtt.cpp
index 5e0b543..9b09c69 100644
--- a/src/WebApi_mqtt.cpp
+++ b/src/WebApi_mqtt.cpp
@@ -240,21 +240,21 @@ void WebApiMqttClass::onMqttAdminPost(AsyncWebServerRequest* request)
     config.Mqtt_Enabled = root[F("mqtt_enabled")].as<bool>();
     config.Mqtt_Retain = root[F("mqtt_retain")].as<bool>();
     config.Mqtt_Tls = root[F("mqtt_tls")].as<bool>();
-    strcpy(config.Mqtt_RootCaCert, root[F("mqtt_root_ca_cert")].as<String>().c_str());
+    strlcpy(config.Mqtt_RootCaCert, root[F("mqtt_root_ca_cert")].as<String>().c_str(), sizeof(config.Mqtt_RootCaCert));
     config.Mqtt_Port = root[F("mqtt_port")].as<uint>();
-    strcpy(config.Mqtt_Hostname, root[F("mqtt_hostname")].as<String>().c_str());
-    strcpy(config.Mqtt_Username, root[F("mqtt_username")].as<String>().c_str());
-    strcpy(config.Mqtt_Password, root[F("mqtt_password")].as<String>().c_str());
-    strcpy(config.Mqtt_Topic, root[F("mqtt_topic")].as<String>().c_str());
-    strcpy(config.Mqtt_LwtTopic, root[F("mqtt_lwt_topic")].as<String>().c_str());
-    strcpy(config.Mqtt_LwtValue_Online, root[F("mqtt_lwt_online")].as<String>().c_str());
-    strcpy(config.Mqtt_LwtValue_Offline, root[F("mqtt_lwt_offline")].as<String>().c_str());
+    strlcpy(config.Mqtt_Hostname, root[F("mqtt_hostname")].as<String>().c_str(), sizeof(config.Mqtt_Hostname));
+    strlcpy(config.Mqtt_Username, root[F("mqtt_username")].as<String>().c_str(), sizeof(config.Mqtt_Username));
+    strlcpy(config.Mqtt_Password, root[F("mqtt_password")].as<String>().c_str(), sizeof(config.Mqtt_Password));
+    strlcpy(config.Mqtt_Topic, root[F("mqtt_topic")].as<String>().c_str(), sizeof(config.Mqtt_Topic));
+    strlcpy(config.Mqtt_LwtTopic, root[F("mqtt_lwt_topic")].as<String>().c_str(), sizeof(config.Mqtt_LwtTopic));
+    strlcpy(config.Mqtt_LwtValue_Online, root[F("mqtt_lwt_online")].as<String>().c_str(), sizeof(config.Mqtt_LwtValue_Online));
+    strlcpy(config.Mqtt_LwtValue_Offline, root[F("mqtt_lwt_offline")].as<String>().c_str(), sizeof(config.Mqtt_LwtValue_Offline));
     config.Mqtt_PublishInterval = root[F("mqtt_publish_interval")].as<uint32_t>();
     config.Mqtt_Hass_Enabled = root[F("mqtt_hass_enabled")].as<bool>();
     config.Mqtt_Hass_Expire = root[F("mqtt_hass_expire")].as<bool>();
     config.Mqtt_Hass_Retain = root[F("mqtt_hass_retain")].as<bool>();
     config.Mqtt_Hass_IndividualPanels = root[F("mqtt_hass_individualpanels")].as<bool>();
-    strcpy(config.Mqtt_Hass_Topic, root[F("mqtt_hass_topic")].as<String>().c_str());
+    strlcpy(config.Mqtt_Hass_Topic, root[F("mqtt_hass_topic")].as<String>().c_str(), sizeof(config.Mqtt_Hass_Topic));
     Configuration.write();
 
     retMsg[F("type")] = F("success");
@@ -273,7 +273,7 @@ String WebApiMqttClass::getRootCaCertInfo(const char* cert)
 
     mbedtls_x509_crt global_cacert;
 
-    strcpy(rootCaCertInfo, "Can't parse root ca");
+    strlcpy(rootCaCertInfo, "Can't parse root ca", sizeof(rootCaCertInfo));
 
     mbedtls_x509_crt_init(&global_cacert);
     int ret = mbedtls_x509_crt_parse(&global_cacert, const_cast<unsigned char*>((unsigned char*)cert), 1 + strlen(cert));
diff --git a/src/WebApi_network.cpp b/src/WebApi_network.cpp
index a39ed2a..416d39b 100644
--- a/src/WebApi_network.cpp
+++ b/src/WebApi_network.cpp
@@ -185,9 +185,9 @@ void WebApiNetworkClass::onNetworkAdminPost(AsyncWebServerRequest* request)
     config.WiFi_Dns2[1] = dns2[1];
     config.WiFi_Dns2[2] = dns2[2];
     config.WiFi_Dns2[3] = dns2[3];
-    strcpy(config.WiFi_Ssid, root[F("ssid")].as<String>().c_str());
-    strcpy(config.WiFi_Password, root[F("password")].as<String>().c_str());
-    strcpy(config.WiFi_Hostname, root[F("hostname")].as<String>().c_str());
+    strlcpy(config.WiFi_Ssid, root[F("ssid")].as<String>().c_str(), sizeof(config.WiFi_Ssid));
+    strlcpy(config.WiFi_Password, root[F("password")].as<String>().c_str(), sizeof(config.WiFi_Password));
+    strlcpy(config.WiFi_Hostname, root[F("hostname")].as<String>().c_str(), sizeof(config.WiFi_Hostname));
     if (root[F("dhcp")].as<bool>()) {
         config.WiFi_Dhcp = true;
     } else {
diff --git a/src/WebApi_ntp.cpp b/src/WebApi_ntp.cpp
index ba57ceb..8b06fdb 100644
--- a/src/WebApi_ntp.cpp
+++ b/src/WebApi_ntp.cpp
@@ -123,9 +123,9 @@ void WebApiNtpClass::onNtpAdminPost(AsyncWebServerRequest* request)
     }
 
     CONFIG_T& config = Configuration.get();
-    strcpy(config.Ntp_Server, root[F("ntp_server")].as<String>().c_str());
-    strcpy(config.Ntp_Timezone, root[F("ntp_timezone")].as<String>().c_str());
-    strcpy(config.Ntp_TimezoneDescr, root[F("ntp_timezone_descr")].as<String>().c_str());
+    strlcpy(config.Ntp_Server, root[F("ntp_server")].as<String>().c_str(), sizeof(config.Ntp_Server));
+    strlcpy(config.Ntp_Timezone, root[F("ntp_timezone")].as<String>().c_str(), sizeof(config.Ntp_Timezone));
+    strlcpy(config.Ntp_TimezoneDescr, root[F("ntp_timezone_descr")].as<String>().c_str(), sizeof(config.Ntp_TimezoneDescr));
     Configuration.write();
 
     retMsg[F("type")] = F("success");