From 56ea987f7510836f9eb485c8c13139d335f40ae1 Mon Sep 17 00:00:00 2001
From: Robert McMahon <rjmcmahon@rjmcmahon.com>
Date: Sat, 27 Dec 2025 18:00:19 -0800
Subject: [PATCH] Improve WiFi configuration handling by ensuring proper string
 termination

- Updated strncpy calls in wifi_cfg_apply_from_nvs and wifi_do_connect to prevent buffer overflows by reserving space for null termination.
- Added explicit null termination for SSID and password fields in the wifi_config_t structure.
---
 components/app_console/cmd_wifi.c | 6 ++++--
 components/wifi_cfg/wifi_cfg.c    | 6 ++++--
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/components/app_console/cmd_wifi.c b/components/app_console/cmd_wifi.c
index ba7a010..08fb722 100644
--- a/components/app_console/cmd_wifi.c
+++ b/components/app_console/cmd_wifi.c
@@ -120,8 +120,10 @@ static int wifi_do_connect(int argc, char **argv) {
 
     // Apply
     wifi_config_t wifi_config = {0};
-    strncpy((char *)wifi_config.sta.ssid, ssid, sizeof(wifi_config.sta.ssid));
-    strncpy((char *)wifi_config.sta.password, pass, sizeof(wifi_config.sta.password));
+    strncpy((char *)wifi_config.sta.ssid, ssid, sizeof(wifi_config.sta.ssid) - 1);
+    wifi_config.sta.ssid[sizeof(wifi_config.sta.ssid) - 1] = '\0';
+    strncpy((char *)wifi_config.sta.password, pass, sizeof(wifi_config.sta.password) - 1);
+    wifi_config.sta.password[sizeof(wifi_config.sta.password) - 1] = '\0';
 
     ESP_ERROR_CHECK(esp_wifi_set_config(WIFI_IF_STA, &wifi_config));
     ESP_ERROR_CHECK(esp_wifi_connect());
diff --git a/components/wifi_cfg/wifi_cfg.c b/components/wifi_cfg/wifi_cfg.c
index 19feb7f..92640b9 100644
--- a/components/wifi_cfg/wifi_cfg.c
+++ b/components/wifi_cfg/wifi_cfg.c
@@ -78,9 +78,11 @@ bool wifi_cfg_apply_from_nvs(void) {
         }
 
         wifi_config_t wifi_config = {0};
-        strncpy((char *)wifi_config.sta.ssid, ssid, sizeof(wifi_config.sta.ssid));
+        strncpy((char *)wifi_config.sta.ssid, ssid, sizeof(wifi_config.sta.ssid) - 1);
+        wifi_config.sta.ssid[sizeof(wifi_config.sta.ssid) - 1] = '\0';
         if (pass) {
-            strncpy((char *)wifi_config.sta.password, pass, sizeof(wifi_config.sta.password));
+            strncpy((char *)wifi_config.sta.password, pass, sizeof(wifi_config.sta.password) - 1);
+            wifi_config.sta.password[sizeof(wifi_config.sta.password) - 1] = '\0';
         }
 
         ESP_LOGI(TAG, "Applying WiFi Config: SSID=%s", ssid);