From 8b2ebea5e48761bded29fcb6ff7e070ba53f5aea Mon Sep 17 00:00:00 2001
From: Tomas Hozza <thozza@redhat.com>
Date: Sun, 27 Jan 2013 21:30:26 -0700
Subject: [PATCH] Make sure copied strings are properly terminated in snmplib
 and wccp2

---
 snmplib/parse.c | 1 +
 src/wccp2.cc    | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/snmplib/parse.c b/snmplib/parse.c
index e8d8647419..d2ad7b7e82 100644
--- a/snmplib/parse.c
+++ b/snmplib/parse.c
@@ -1014,6 +1014,7 @@ parse(FILE *fp) {
             return NULL;
         }
         strncpy(name, token, 64);
+        name[63] = '\0';
         type = get_token(fp, token);
         if (type == OBJTYPE) {
             if (root == NULL) {
diff --git a/src/wccp2.cc b/src/wccp2.cc
index a5f6c8b5ce..01c4bc5fbb 100644
--- a/src/wccp2.cc
+++ b/src/wccp2.cc
@@ -592,6 +592,7 @@ wccp2_update_md5_security(char *password, char *ptr, char *packet, int len)
     /* The password field, for the MD5 hash, needs to be 8 bytes and NUL padded. */
     memset(pwd, 0, sizeof(pwd));
     strncpy(pwd, password, sizeof(pwd));
+    pwd[sizeof(pwd) - 1] = '\0';
 
     ws = (struct wccp2_security_md5_t *) ptr;
     assert(ntohs(ws->security_type) == WCCP2_SECURITY_INFO);
@@ -660,6 +661,7 @@ wccp2_check_security(struct wccp2_service_list_t *srv, char *security, char *pac
     /* The password field, for the MD5 hash, needs to be 8 bytes and NUL padded. */
     memset(pwd, 0, sizeof(pwd));
     strncpy(pwd, srv->wccp_password, sizeof(pwd));
+    pwd[sizeof(pwd) - 1] = '\0';
 
     /* Take a copy of the challenge: we need to NUL it before comparing */
     memcpy(md5_challenge, ws->security_implementation, 16);
-- 
2.47.2