[OpenWrt-Devel] [PATCH firewall3 1/2] options.c, redirects.c: Fix possible buffer overflows
Hauke Mehrtens
hauke at hauke-m.de
Wed Dec 19 06:23:11 EST 2018
This fixes two possible situations where strncpy() produces a not null
terminated buffer.
Coverity IDs:
* 1412247 Buffer not null terminated
* 1412279 Buffer not null terminated
Signed-off-by: Hauke Mehrtens <hauke at hauke-m.de>
---
options.c | 2 +-
redirects.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/options.c b/options.c
index 5184346..c763d9e 100644
--- a/options.c
+++ b/options.c
@@ -939,7 +939,7 @@ fw3_parse_setmatch(void *ptr, const char *val, bool is_list)
return false;
}
- strncpy(m->name, p, sizeof(m->name));
+ strncpy(m->name, p, sizeof(m->name) - 1);
for (i = 0, p = strtok(NULL, " \t,");
i < 3 && p != NULL;
diff --git a/redirects.c b/redirects.c
index ab95395..97529ee 100644
--- a/redirects.c
+++ b/redirects.c
@@ -154,7 +154,7 @@ resolve_dest(struct uci_element *e, struct fw3_redirect *redir,
if (!compare_addr(addr, &redir->ip_redir))
continue;
- strncpy(redir->dest.name, zone->name, sizeof(redir->dest.name));
+ strncpy(redir->dest.name, zone->name, sizeof(redir->dest.name) - 1);
redir->dest.set = true;
redir->_dest = zone;
--
2.19.2
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list