Fix even more possibly not zero-terminated strings after copy (Karsten Desler)

diff --git a/extensions/libip6t_owner.c b/extensions/libip6t_owner.c
index ed785306706e8afec224ee62c14f7ed1b1bd9fc0..6d7258d40ddd1e583e6b0e5fcc5a91835af7c8e5 100644 (file)
--- a/extensions/libip6t_owner.c
+++ b/extensions/libip6t_owner.c
@@ -129,6 +129,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
                        exit_error(PARAMETER_PROBLEM, "OWNER CMD `%s' too long, max %d characters", optarg, sizeof(ownerinfo->comm));
                
                strncpy(ownerinfo->comm, optarg, sizeof(ownerinfo->comm));
+               ownerinfo->comm[sizeof(ownerinfo->comm)-1] = '\0';
 
                if (invert)
                        ownerinfo->invert |= IP6T_OWNER_COMM;

diff --git a/extensions/libipt_XOR.c b/extensions/libipt_XOR.c
index 3b05a30903fb20dc854b64f5d97e5ecf2ff9fbc0..47d8baacc1a3d159c52dc609dee1fbb7f9889e77 100644 (file)
--- a/extensions/libipt_XOR.c
+++ b/extensions/libipt_XOR.c
@@ -47,6 +47,7 @@ static int parse(int c, char **argv, int invert, unsigned int *flags,
        switch (c) {    
                case '1':
                        strncpy(info->key, optarg, 30);
+                       info->key[29] = '\0';
                        *flags |= IPT_KEY_SET;
                        break;
                case '2':

diff --git a/extensions/libipt_helper.c b/extensions/libipt_helper.c
index 4b16e0210dc3f3517c4452b896b652ce111bf6ff..72660d94dcb9fe99b596571fb239fa2f0514a762 100644 (file)
--- a/extensions/libipt_helper.c
+++ b/extensions/libipt_helper.c
@@ -46,6 +46,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
        case '1':
                check_inverse(optarg, &invert, &invert, 0);
                strncpy(info->name, optarg, 29);
+               info->name[29] = '\0';
                if (invert)
                        info->invert = 1;
                *flags = 1;

diff --git a/extensions/libipt_owner.c b/extensions/libipt_owner.c
index 73f0ed54889e455b40e613e089eb75da302ab967..9c92ab2a42e328278295c11a4f02612dee4b157c 100644 (file)
--- a/extensions/libipt_owner.c
+++ b/extensions/libipt_owner.c
@@ -128,6 +128,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
                        exit_error(PARAMETER_PROBLEM, "OWNER CMD `%s' too long, max %d characters", optarg, sizeof(ownerinfo->comm));
 
                strncpy(ownerinfo->comm, optarg, sizeof(ownerinfo->comm));
+               ownerinfo->comm[sizeof(ownerinfo->comm)-1] = '\0';
 
                if (invert)
                        ownerinfo->invert |= IPT_OWNER_COMM;

diff --git a/extensions/libipt_recent.c b/extensions/libipt_recent.c
index aa32aa0750e8034bc44e73784224aa6ec7cefa7f..a3942720fd08c9395fcb7eebe7d2d097ef170b24 100644 (file)
--- a/extensions/libipt_recent.c
+++ b/extensions/libipt_recent.c
@@ -75,6 +75,9 @@ init(struct ipt_entry_match *match, unsigned int *nfcache)
        *nfcache |= NFC_UNKNOWN;
 
        strncpy(info->name,"DEFAULT",IPT_RECENT_NAME_LEN);
+       /* eventhough IPT_RECENT_NAME_LEN is currently defined as 200,
+        * better be safe, than sorry */
+       info->name[IPT_RECENT_NAME_LEN-1] = '\0';
        info->side = IPT_RECENT_SOURCE;
 }
 
@@ -142,6 +145,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
 
                case 208:
                        strncpy(info->name,optarg,IPT_RECENT_NAME_LEN);
+                       info->name[IPT_RECENT_NAME_LEN-1] = '\0';
                        break;
 
                case 209:

diff --git a/ip6tables-restore.c b/ip6tables-restore.c
index cc60e234a2c7100923f24e4a0e4f10ae74b60605..89ef79d2f546c96caaf236979ee4e53d6af0e495 100644 (file)
--- a/ip6tables-restore.c
+++ b/ip6tables-restore.c
@@ -7,7 +7,7 @@
  *     Rusty Russell <rusty@linuxcare.com.au>
  * This code is distributed under the terms of GNU GPL v2
  *
- * $Id: ip6tables-restore.c,v 1.12 2003/05/02 15:30:11 laforge Exp $
+ * $Id: ip6tables-restore.c,v 1.13 2004/01/05 09:41:51 laforge Exp $
  */
 
 #include <getopt.h>
@@ -182,6 +182,7 @@ int main(int argc, char *argv[])
                                exit(1);
                        }
                        strncpy(curtable, table, IP6T_TABLE_MAXNAMELEN);
+                       curtable[IP6T_TABLE_MAXNAMELEN] = '\0';
 
                        if (handle)
                                ip6tc_free(&handle);

diff --git a/ip6tables.c b/ip6tables.c
index 664b307bbd17d9c1463b1e8627d35493431296a4..16d3ae17a05d7584bf20473c5c46c889758906fb 100644 (file)
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -675,6 +675,7 @@ parse_hostnetworkmask(const char *name, struct in6_addr **addrpp,
        int i, j, n;
 
        strncpy(buf, name, sizeof(buf) - 1);
+       buf[sizeof(buf) - 1] = '\0';
        if ((p = strrchr(buf, '/')) != NULL) {
                *p = '\0';
                addrp = parse_mask(p + 1);

diff --git a/iptables-restore.c b/iptables-restore.c
index 0a5627dadec92e4a75104e69080444fe3f2ba961..9ef78c78d85ff0ee95a927ab45eeb9bd9da86030 100644 (file)
--- a/iptables-restore.c
+++ b/iptables-restore.c
@@ -4,7 +4,7 @@
  *
  * This code is distributed under the terms of GNU GPL v2
  *
- * $Id: iptables-restore.c,v 1.26 2003/05/02 15:30:11 laforge Exp $
+ * $Id: iptables-restore.c,v 1.27 2004/01/05 09:41:50 laforge Exp $
  */
 
 #include <getopt.h>
@@ -179,6 +179,7 @@ int main(int argc, char *argv[])
                                exit(1);
                        }
                        strncpy(curtable, table, IPT_TABLE_MAXNAMELEN);
+                       curtable[IPT_TABLE_MAXNAMELEN] = '\0';
 
                        if (handle)
                                iptc_free(&handle);

diff --git a/libiptc/libiptc.c b/libiptc/libiptc.c
index ba2e35e8854da180036b02aca4b2695d4d6b6df6..3aacb547e3f0cf9c38ee4a61ac1867e1e2b1e5ce 100644 (file)
--- a/libiptc/libiptc.c
+++ b/libiptc/libiptc.c
@@ -1,4 +1,4 @@
-/* Library which manipulates firewall rules.  Version $Revision: 1.41 $ */
+/* Library which manipulates firewall rules.  Version $Revision: 1.43 $ */
 
 /* Architecture of firewall rules is as follows:
  *
@@ -526,6 +526,7 @@ add_chain_cache(TC_HANDLE_T h, const char *name, unsigned int start_off,
        h->cache_num_chains++;
 
        strncpy(newcc->name, name, TABLE_MAXNAMELEN-1);
+       newcc->name[TABLE_MAXNAMELEN-1] = '\0';
        newcc->start_off = start_off;
        newcc->end_off = end_off;