From ea109f6a205b9e5ae1afaca50d9c97073873df98 Mon Sep 17 00:00:00 2001
From: Flavio Ceolin <flavio.ceolin@intel.com>
Date: Mon, 25 Sep 2023 15:44:36 -0700
Subject: [PATCH] drivers: eswifi: shell: Fix possible overflow

Limit the copied data to the buffer's size.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
---
 drivers/wifi/eswifi/eswifi_shell.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/drivers/wifi/eswifi/eswifi_shell.c b/drivers/wifi/eswifi/eswifi_shell.c
index ee5cf4a15ba1..de122d4ef1f7 100644
--- a/drivers/wifi/eswifi/eswifi_shell.c
+++ b/drivers/wifi/eswifi/eswifi_shell.c
@@ -25,6 +25,7 @@ static int eswifi_shell_atcmd(const struct shell *sh, size_t argc,
 			      char **argv)
 {
 	int i;
+	size_t len = 0;
 
 	if (eswifi == NULL) {
 		shell_print(sh, "no eswifi device registered");
@@ -40,9 +41,16 @@ static int eswifi_shell_atcmd(const struct shell *sh, size_t argc,
 
 	memset(eswifi->buf, 0, sizeof(eswifi->buf));
 	for (i = 1; i < argc; i++) {
-		strcat(eswifi->buf, argv[i]);
+		size_t argv_len = strlen(argv[i]);
+
+		if ((len + argv_len) >= sizeof(eswifi->buf) - 1) {
+			break;
+		}
+
+		memcpy(eswifi->buf + len, argv[i], argv_len);
+		len += argv_len;
 	}
-	strcat(eswifi->buf, "\r");
+	eswifi->buf[len] = '\r';
 
 	shell_print(sh, "> %s", eswifi->buf);
 	eswifi_at_cmd(eswifi, eswifi->buf);