Fix buffer null termination

strncpy() does not ensure a buffer is nul-terminated if the source is the
same length or longer than the destination buffer.

Detected by Coverity Scan. Issue 1025738.

diff --git a/snmplib/parse.c b/snmplib/parse.c
index 352af377a486f00eff5389b57c8785de4e0159b8..92c6a67e97b9d5dc08f6aa83cfe7ae92991bb5a2 100644 (file)
--- a/snmplib/parse.c
+++ b/snmplib/parse.c
@@ -691,7 +691,9 @@ parse_objectid(FILE *fp, char *name) {
         if (count == (length - 2)) {
             if (op->label) {
                 strncpy(np->parent, op->label, sizeof(np->parent));
+                np->parent[sizeof(np->parent-1)] = '\0';
                 strncpy(np->label, name, sizeof(np->label));
+                np->label[sizeof(np->label-1)] = '\0';
                 if (nop->subid != -1)
                     np->subid = nop->subid;
                 else