ecore_con: add '\0' termination to path.

Summary:
Copying from string 'buf' of length 4095 to '&socket_unix.sun_path[0]'
may form a non-terminated C string of size 108. So added null termination.

Signed-off-by: Prateek Thakur <prateek.th@samsung.com>

Reviewers: cedric, thiepha

Subscribers: jpeg

Differential Revision: https://phab.enlightenment.org/D4247

Signed-off-by: Cedric BAIL <cedric@osg.samsung.com>

1 files changed, 4 insertions, 2 deletions

diff --git a/src/lib/ecore_con/ecore_con_local.c b/src/lib/ecore_con/ecore_con_local.c
index 243584b962..1453ea103c 100644
--- a/src/lib/ecore_con/ecore_con_local.c
+++ b/src/lib/ecore_con/ecore_con_local.c
@@ -170,7 +170,8 @@ ecore_con_local_connect(Ecore_Con_Server *obj,
      }
    else
      {
-        strncpy(socket_unix.sun_path, buf, sizeof(socket_unix.sun_path));
+        strncpy(socket_unix.sun_path, buf, sizeof(socket_unix.sun_path) - 1);
+        socket_unix.sun_path[sizeof(socket_unix.sun_path) - 1] = '\0';
         socket_unix_len = LENGTH_OF_SOCKADDR_UN(&socket_unix);
      }
 
@@ -330,7 +331,8 @@ start:
    else
      {
         abstract_socket = EINA_FALSE;
-        strncpy(socket_unix.sun_path, buf, sizeof(socket_unix.sun_path));
+        strncpy(socket_unix.sun_path, buf, sizeof(socket_unix.sun_path) - 1);
+        socket_unix.sun_path[sizeof(socket_unix.sun_path) - 1] = '\0';
         socket_unix_len = LENGTH_OF_SOCKADDR_UN(&socket_unix);
      }