Is your feature request related to a problem? Please describe.
The system/settings module/library uses unsafe C string manipulation functions (eg. strcmp() or strlen()) on potentially user-accessible data, creating a security hazard.
Describe the solution you'd like
The maximum key/value lengths are known at compile time (Kconfig parameters), meaning we could use safer strnlen() and strncmp() functions.
Describe alternatives you've considered
No response
Verification
Is your feature request related to a problem? Please describe.
The system/settings module/library uses unsafe C string manipulation functions (eg.
strcmp()orstrlen()) on potentially user-accessible data, creating a security hazard.Describe the solution you'd like
The maximum key/value lengths are known at compile time (Kconfig parameters), meaning we could use safer
strnlen()andstrncmp()functions.Describe alternatives you've considered
No response
Verification