@S-Parthiban-Selvaraj
Potential fix for https://github.com/rdkcentral/wan-manager/security/code-scanning/7

To fix the problem, update all calls to strncat in wanmgr_telemetry_append_key_value so that the third argument is the amount of space left in MarkerArguments minus 1 (to ensure space for the null terminator). Specifically, for each append, calculate the remaining capacity as sizeof(MarkerArguments) - strlen(MarkerArguments) - 1, and pass this as the third argument to strncat.

Change only the calls in this function:

  • Line 14: from strncat(MarkerArguments,WANMGR_T2_TELEMETRY_MARKER_ARG_DELIMITER,sizeof(MarkerArguments));
  • Line 16: from strncat(MarkerArguments,key,sizeof(MarkerArguments));
  • Line 17: from strncat(MarkerArguments,WANMGR_T2_TELEMETRY_MARKER_KEY_VALUE_DELIMITER,sizeof(MarkerArguments));
  • Line 18: from strncat(MarkerArguments,value,sizeof(MarkerArguments));

Replace each with a calculation of remaining room, using a helper inline or local variable.

No new imports or methods are needed.


Suggested fixes powered by Copilot Autofix. Review carefully before merging.

…to strncat

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Copilot AI review requested due to automatic review settings November 10, 2025 16:44
Copilot AI left a comment

Pull Request Overview

This PR addresses a security vulnerability related to unsafe strncat calls in the wanmgr_telemetry_append_key_value function. The fix ensures proper buffer size calculation by computing the remaining capacity before each string concatenation operation.

Key Changes:

  • Introduced a remaining variable to track available buffer space
  • Updated all four strncat calls to use calculated remaining capacity instead of total buffer size
  • Each concatenation now properly accounts for space needed for the null terminator

@S-Parthiban-Selvaraj S-Parthiban-Selvaraj marked this pull request as ready for review November 10, 2025 16:53
@S-Parthiban-Selvaraj S-Parthiban-Selvaraj requested a review from a team as a code owner November 10, 2025 16:53
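
The remaining-capacity calculation described in the pull request, written out as an added C example; it is not the project's code or the merged patch. The buffer size, the delimiter values and the helper names `bounded_append` and `append_key_value` are assumptions, and the truncation return code goes beyond what the PR describes.

```c
#include <stdio.h>
#include <string.h>

/* Constructed values: the page gives neither the buffer size nor the delimiters. */
#define ARG_DELIMITER       ","
#define KEY_VALUE_DELIMITER "="
static char MarkerArguments[32];

/* Append src to dst without writing past dst_size bytes.
 * Returns 0 if all of src fit, -1 if it was truncated or dst was unterminated. */
static int bounded_append(char *dst, size_t dst_size, const char *src)
{
    const char *end = memchr(dst, '\0', dst_size);
    if (end == NULL)
        return -1;                      /* no NUL inside the buffer: refuse to append */
    size_t remaining = dst_size - (size_t)(end - dst) - 1;  /* free bytes, NUL excluded */

    /* Flagged form: strncat(dst, src, dst_size). The third argument limits the
     * bytes taken from src, so it has to be the free space, not the total size. */
    strncat(dst, src, remaining);
    return strlen(src) > remaining ? -1 : 0;
}

/* Hypothetical stand-in for wanmgr_telemetry_append_key_value (assumed layout:
 * a delimiter goes before every pair except the first). */
static int append_key_value(const char *key, const char *value)
{
    int truncated = 0;
    if (MarkerArguments[0] != '\0')
        truncated |= bounded_append(MarkerArguments, sizeof(MarkerArguments), ARG_DELIMITER);
    truncated |= bounded_append(MarkerArguments, sizeof(MarkerArguments), key);
    truncated |= bounded_append(MarkerArguments, sizeof(MarkerArguments), KEY_VALUE_DELIMITER);
    truncated |= bounded_append(MarkerArguments, sizeof(MarkerArguments), value);
    return truncated ? -1 : 0;
}

int main(void)
{
    int first = append_key_value("iface", "wan0");
    int second = append_key_value("reason", "a_value_longer_than_the_space_left");
    printf("first=%d second=%d buffer=\"%s\" (%zu of %zu bytes)\n", first, second,
           MarkerArguments, strlen(MarkerArguments) + 1, sizeof(MarkerArguments));
    return 0;
}
```

A caller that ignores the return value still gets a terminated, in-bounds buffer, but a truncated telemetry marker; checking for -1 lets it log or drop the record instead.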