firewall-util: add an assert that we're not overwriting a buffer

author David Tardon <dtardon@redhat.com>

Wed, 10 Oct 2018 07:33:28 +0000 (09:33 +0200)

committer Lukas Nykryn <lnykryn@redhat.com>

Mon, 29 Oct 2018 09:46:36 +0000 (10:46 +0100)
author David Tardon <dtardon@redhat.com>
Wed, 10 Oct 2018 07:33:28 +0000 (09:33 +0200)
committer Lukas Nykryn <lnykryn@redhat.com>
Mon, 29 Oct 2018 09:46:36 +0000 (10:46 +0100)
diff --git a/src/shared/firewall-util.c b/src/shared/firewall-util.c

index eb4f5ff616d8976aead822b2134451f6cfd48bfe..cba52fb41914c90d1018c0ac21014cc3a7a57521 100644 (file)
--- a/src/shared/firewall-util.c
+++ b/src/shared/firewall-util.c
@@ -50,8 +50,14 @@ static int entry_fill_basics(
          entry->ip.proto = protocol;
  
          if (in_interface) {
+                size_t l;
+
+                l = strlen(in_interface);
+                assert(l < sizeof entry->ip.iniface);
+                assert(l < sizeof entry->ip.iniface_mask);
+
                  strcpy(entry->ip.iniface, in_interface);
-                memset(entry->ip.iniface_mask, 0xFF, strlen(in_interface)+1);
+                memset(entry->ip.iniface_mask, 0xFF, l + 1);
          }
          if (source) {
                  entry->ip.src = source->in;
author	David Tardon <dtardon@redhat.com>
	Wed, 10 Oct 2018 07:33:28 +0000 (09:33 +0200)
committer	Lukas Nykryn <lnykryn@redhat.com>
	Mon, 29 Oct 2018 09:46:36 +0000 (10:46 +0100)