From: Amos Jeffries <squid3@treenet.co.nz>
Date: Fri, 16 Nov 2012 04:35:29 +0000 (-0700)
Subject: basic_radius_auth: nul-terminate strings
X-Git-Tag: SQUID_3_4_0_1~499
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=53cb2c8096b46f14805fa4658d08c83002bc6eb6;p=thirdparty%2Fsquid.git

basic_radius_auth: nul-terminate strings

Alterations in rev.12444 to the command line paramcopying overlooked the
absence of nul-termination by strncpy(). Ensure the strings are terminated.

 Detected by Coverity Scan. Issue 743276
---

diff --git a/helpers/basic_auth/RADIUS/basic_radius_auth.cc b/helpers/basic_auth/RADIUS/basic_radius_auth.cc
index d9a4f3520c..0672a1e644 100644
--- a/helpers/basic_auth/RADIUS/basic_radius_auth.cc
+++ b/helpers/basic_auth/RADIUS/basic_radius_auth.cc
@@ -494,16 +494,20 @@ main(int argc, char **argv)
             cfname = optarg;
             break;
         case 'h':
-            strncpy(server, optarg, sizeof(server));
+            strncpy(server, optarg, sizeof(server)-1);
+            server[sizeof(server)-1] = '\0';
             break;
         case 'p':
-            strncpy(svc_name, optarg, sizeof(svc_name));
+            strncpy(svc_name, optarg, sizeof(svc_name)-1);
+            svc_name[sizeof(svc_name)-1] = '\0';
             break;
         case 'w':
-            strncpy(secretkey, optarg, sizeof(secretkey));
+            strncpy(secretkey, optarg, sizeof(secretkey)-1);
+            secretkey[sizeof(secretkey)-1] = '\0';
             break;
         case 'i':
-            strncpy(identifier, optarg, sizeof(identifier));
+            strncpy(identifier, optarg, sizeof(identifier)-1);
+            identifier[sizeof(identifier)-1] = '\0';
             break;
         case 't':
             retries = atoi(optarg);