firewall-util: add an assert that we're not overwriting a buffer

author Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>

Sun, 19 Feb 2017 18:19:50 +0000 (13:19 -0500)

committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>

Mon, 20 Feb 2017 21:02:15 +0000 (16:02 -0500)
author Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Sun, 19 Feb 2017 18:19:50 +0000 (13:19 -0500)
committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Mon, 20 Feb 2017 21:02:15 +0000 (16:02 -0500)
diff --git a/src/shared/firewall-util.c b/src/shared/firewall-util.c

index 9c29b0afca2ec98e4064e39480a7bfbd54048632..952fc48c4590e24d7e1102a3a6b40e42d397145e 100644 (file)
--- a/src/shared/firewall-util.c
+++ b/src/shared/firewall-util.c
@@ -76,8 +76,11 @@ static int entry_fill_basics(
          }
  
          if (out_interface) {
+                size_t l = strlen(out_interface);
+                assert(l < sizeof entry->ip.outiface && l < sizeof entry->ip.outiface_mask);
+
                  strcpy(entry->ip.outiface, out_interface);
-                memset(entry->ip.outiface_mask, 0xFF, strlen(out_interface)+1);
+                memset(entry->ip.outiface_mask, 0xFF, l + 1);
          }
          if (destination) {
                  entry->ip.dst = destination->in;
author	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
	Sun, 19 Feb 2017 18:19:50 +0000 (13:19 -0500)
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
	Mon, 20 Feb 2017 21:02:15 +0000 (16:02 -0500)