Fix stack-buffer-overflow in hal_fd_init()

Bug: 146144463
Test: No crash with unreasonable config path size
Merged-In: I93b801845e2cbad7eeb00e87aeae686ba0c44c8f
Change-Id: I93b801845e2cbad7eeb00e87aeae686ba0c44c8f
diff --git a/st21nfc/adaptation/config.cpp b/st21nfc/adaptation/config.cpp
index 99c18eb..69a0e98 100644
--- a/st21nfc/adaptation/config.cpp
+++ b/st21nfc/adaptation/config.cpp
@@ -404,7 +404,11 @@
 
   if (pParam->str_len() > 0) {
     memset(pValue, 0, len);
-    if (len > pParam->str_len()) len = pParam->str_len();
+    if (pParam->str_len() > len) {
+      return false;
+    } else {
+      len = pParam->str_len();
+    }
     memcpy(pValue, pParam->str_value(), len);
     return true;
   }
diff --git a/st21nfc/hal/hal_fd.cc b/st21nfc/hal/hal_fd.cc
index 29064ec..a559211 100644
--- a/st21nfc/hal/hal_fd.cc
+++ b/st21nfc/hal/hal_fd.cc
@@ -103,8 +103,8 @@
 
   // Getting information about FW patch, if any
   strcpy(ConfPath, FwPath);
-  strncat(FwPath, fwBinName, sizeof(FwPath));
-  strncat(ConfPath, fwConfName, sizeof(ConfPath));
+  strncat(FwPath, fwBinName, sizeof(FwPath) - strlen(FwPath) - 1);
+  strncat(ConfPath, fwConfName, sizeof(ConfPath) - strlen(ConfPath) - 1);
   STLOG_HAL_D("%s - FW update binary file = %s", __func__, FwPath);
   STLOG_HAL_D("%s - FW config binary file = %s", __func__, ConfPath);