From: David Tardon <dtardon@redhat.com>
Date: Wed, 10 Oct 2018 07:33:28 +0000 (+0200)
Subject: firewall-util: add an assert that we're not overwriting a buffer
X-Git-Tag: v240~563^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0b777d20e9a3868b12372ffce8040d1be063cec7;p=thirdparty%2Fsystemd.git

firewall-util: add an assert that we're not overwriting a buffer

... like commit f28501279d2c28fdbb31d8273b723e9bf71d3b98 does for
out_interface.
---

diff --git a/src/shared/firewall-util.c b/src/shared/firewall-util.c
index eb4f5ff616d..cba52fb4191 100644
--- a/src/shared/firewall-util.c
+++ b/src/shared/firewall-util.c
@@ -50,8 +50,14 @@ static int entry_fill_basics(
         entry->ip.proto = protocol;
 
         if (in_interface) {
+                size_t l;
+
+                l = strlen(in_interface);
+                assert(l < sizeof entry->ip.iniface);
+                assert(l < sizeof entry->ip.iniface_mask);
+
                 strcpy(entry->ip.iniface, in_interface);
-                memset(entry->ip.iniface_mask, 0xFF, strlen(in_interface)+1);
+                memset(entry->ip.iniface_mask, 0xFF, l + 1);
         }
         if (source) {
                 entry->ip.src = source->in;