diff options
author | Hauke Mehrtens <hauke@hauke-m.de> | 2018-12-19 10:34:08 +0100 |
---|---|---|
committer | Hauke Mehrtens <hauke@hauke-m.de> | 2018-12-20 16:10:03 +0100 |
commit | 6ba9105f880db5b69386fc6258e41641147fd313 (patch) | |
tree | 447693be1f599edc6cf38d351dbca6e104058109 | |
parent | 14589c80cde937162da02414a0103653a566e866 (diff) | |
download | firewall3-6ba9105f880db5b69386fc6258e41641147fd313.tar.gz |
options: redirects: Fix possible buffer overflows
This fixes two possible situations where strncpy() produces a not null
terminated buffer.
Coverity IDs:
* 1412247 Buffer not null terminated
* 1412279 Buffer not null terminated
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Jo-Philipp Wich <jo@mein.io>
-rw-r--r-- | options.c | 2 | ||||
-rw-r--r-- | redirects.c | 2 |
2 files changed, 2 insertions, 2 deletions
@@ -939,7 +939,7 @@ fw3_parse_setmatch(void *ptr, const char *val, bool is_list) return false; } - strncpy(m->name, p, sizeof(m->name)); + strncpy(m->name, p, sizeof(m->name) - 1); for (i = 0, p = strtok(NULL, " \t,"); i < 3 && p != NULL; diff --git a/redirects.c b/redirects.c index ab95395..97529ee 100644 --- a/redirects.c +++ b/redirects.c @@ -154,7 +154,7 @@ resolve_dest(struct uci_element *e, struct fw3_redirect *redir, if (!compare_addr(addr, &redir->ip_redir)) continue; - strncpy(redir->dest.name, zone->name, sizeof(redir->dest.name)); + strncpy(redir->dest.name, zone->name, sizeof(redir->dest.name) - 1); redir->dest.set = true; redir->_dest = zone; |