options: redirects: Fix possible buffer overflows

This fixes two possible situations where strncpy() produces a not null
terminated buffer.

Coverity IDs:
* 1412247 Buffer not null terminated
* 1412279 Buffer not null terminated

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Jo-Philipp Wich <jo@mein.io>

diff --git a/options.c b/options.c
index 5184346d2d40b51abd7c98b4c875bf2c57cd2d00..c763d9e8078207bf50841e9e7b28f85653686e21 100644 (file)
--- a/options.c
+++ b/options.c
@@ -939,7 +939,7 @@ fw3_parse_setmatch(void *ptr, const char *val, bool is_list)
                return false;
        }
 
-       strncpy(m->name, p, sizeof(m->name));
+       strncpy(m->name, p, sizeof(m->name) - 1);
 
        for (i = 0, p = strtok(NULL, " \t,");
             i < 3 && p != NULL;

diff --git a/redirects.c b/redirects.c
index ab95395ca6afda4f02227e4611e687faabb4673c..97529ee9876a71ec36b1068ba0634ab25310434a 100644 (file)
--- a/redirects.c
+++ b/redirects.c
@@ -154,7 +154,7 @@ resolve_dest(struct uci_element *e, struct fw3_redirect *redir,
                        if (!compare_addr(addr, &redir->ip_redir))
                                continue;
 
-                       strncpy(redir->dest.name, zone->name, sizeof(redir->dest.name));
+                       strncpy(redir->dest.name, zone->name, sizeof(redir->dest.name) - 1);
                        redir->dest.set = true;
                        redir->_dest = zone;