From e8f93de2387747dd6bdfe4339b4807cd89ba998f Mon Sep 17 00:00:00 2001
From: Michael Zillgith
Date: Thu, 18 Feb 2021 17:13:56 +0100
Subject: [PATCH] - fixed #310: Possible overflow in mmsMsg_createExtendedFilename()
---
 src/mms/iso_mms/common/mms_common_msg.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/mms/iso_mms/common/mms_common_msg.c b/src/mms/iso_mms/common/mms_common_msg.c
index 7f6e7501..1e4178d2 100644
--- a/src/mms/iso_mms/common/mms_common_msg.c
+++ b/src/mms/iso_mms/common/mms_common_msg.c
@@ -449,11 +449,14 @@ void
 mmsMsg_createExtendedFilename(const char* basepath, char* extendedFileName, char* fileName)
 {
 #if (CONFIG_SET_FILESTORE_BASEPATH_AT_RUNTIME == 1)
- strncpy(extendedFileName, basepath, 512);
- strncat(extendedFileName, fileName, 512);
+ strncpy(extendedFileName, basepath, 511);
+ extendedFileName[511] = 0;
+ strncat(extendedFileName, fileName, 511);
+ extendedFileName[511] = 0;
 #else
 strcpy(extendedFileName, CONFIG_VIRTUAL_FILESTORE_BASEPATH);
- strncat(extendedFileName, fileName, sizeof(CONFIG_VIRTUAL_FILESTORE_BASEPATH) + 256);
+ strncat(extendedFileName, fileName, sizeof(CONFIG_VIRTUAL_FILESTORE_BASEPATH) + 255);
+ extendedFileName[sizeof(CONFIG_VIRTUAL_FILESTORE_BASEPATH) + 255] = 0;
 #endif
 }
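Review bot: The `strncat` calls in both branches can still write past the end of `extendedFileName`, because the third argument of `strncat` limits how many characters are appended from `fileName`, not the total size of the destination. In the runtime-basepath branch up to 511 bytes are appended after whatever `basepath` already occupies, so the buffer (512 bytes judging by the index 511 used here; its declaration is outside the hunk) is overrun whenever the two lengths together exceed 511, and the `extendedFileName[511] = 0` that follows runs only after that write has happened. The bound should be the remaining space, `strncat(extendedFileName, fileName, 511 - strlen(extendedFileName));`, and likewise `sizeof(CONFIG_VIRTUAL_FILESTORE_BASEPATH) + 255 - strlen(extendedFileName)` in the `#else` branch. Passing the destination size in as a parameter and building the path with a single `snprintf(dst, size, "%s%s", ...)` whose return value is checked for truncation would also remove the dependence on every caller using the same buffer size.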