From 073df8feb0a8c4023ce40138e519ac9b341b1ca2 Mon Sep 17 00:00:00 2001
From: Karsten Desler
Date: Sat, 31 Jan 2004 15:33:55 +0000
Subject: Fix even more possibly not zero-terminated strings after copy (Karsten Desler)
---
 extensions/libip6t_owner.c | 1 +
 extensions/libipt_XOR.c | 1 +
 extensions/libipt_helper.c | 1 +
 extensions/libipt_owner.c | 1 +
 extensions/libipt_recent.c | 4 ++++
 ip6tables-restore.c | 3 ++-
 ip6tables.c | 1 +
 iptables-restore.c | 3 ++-
 libiptc/libiptc.c | 3 ++-
 9 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/extensions/libip6t_owner.c b/extensions/libip6t_owner.c
index ed785306..6d7258d4 100644
--- a/extensions/libip6t_owner.c
+++ b/extensions/libip6t_owner.c
@@ -129,6 +129,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
 exit_error(PARAMETER_PROBLEM, "OWNER CMD `%s' too long, max %d characters", optarg, sizeof(ownerinfo->comm));
 strncpy(ownerinfo->comm, optarg, sizeof(ownerinfo->comm));
+ ownerinfo->comm[sizeof(ownerinfo->comm)-1] = '\0';
 if (invert) ownerinfo->invert |= IP6T_OWNER_COMM;
diff --git a/extensions/libipt_XOR.c b/extensions/libipt_XOR.c
index 3b05a309..47d8baac 100644
--- a/extensions/libipt_XOR.c
+++ b/extensions/libipt_XOR.c
@@ -47,6 +47,7 @@ static int parse(int c, char **argv, int invert, unsigned int *flags,
 switch (c) {
 case '1':
 strncpy(info->key, optarg, 30);
+ info->key[29] = '\0';
 *flags |= IPT_KEY_SET;
 break;
 case '2':
diff --git a/extensions/libipt_helper.c b/extensions/libipt_helper.c
index 4b16e021..72660d94 100644
--- a/extensions/libipt_helper.c
+++ b/extensions/libipt_helper.c
@@ -46,6 +46,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
 case '1':
 check_inverse(optarg, &invert, &invert, 0);
 strncpy(info->name, optarg, 29);
+ info->name[29] = '\0';
 if (invert) info->invert = 1;
 *flags = 1;
diff --git a/extensions/libipt_owner.c b/extensions/libipt_owner.c
index 73f0ed54..9c92ab2a 100644
--- a/extensions/libipt_owner.c
+++ b/extensions/libipt_owner.c
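Review bot: The terminator added after `strncpy(ownerinfo->comm, optarg, sizeof(ownerinfo->comm))` overwrites the last byte of `comm`, so a command name that exactly fills the buffer is stored one character short without any error. Whether such input can reach the copy depends on the length check guarding the `exit_error` call, which starts above the hunk; if it compares with `>`, it should become `if (strlen(optarg) >= sizeof(ownerinfo->comm))` so the rule never matches on a name the user did not type. The error text also passes `sizeof(...)` to `%d`; `%zu`, or a cast to `int`, keeps the format and argument types in agreement. The libipt_owner.c hunk carries the same lines and needs the same treatment.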
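Review bot: The literals in `strncpy(info->key, optarg, 30);` and `info->key[29] = '\0';` have to track the size of `key` by hand, and an over-long key is cut to 29 bytes silently, so the rule would be set up with a different key from the one given on the command line. The declaration of `key` is outside the hunk; if it is an array member, `strncpy(info->key, optarg, sizeof(info->key) - 1);` followed by `info->key[sizeof(info->key) - 1] = '\0';` removes the magic numbers, and a length check before the copy can reject the over-long value instead of shortening it. The libipt_helper.c hunk has the same hard-coded `29` for `info->name`.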
@@ -128,6 +128,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
 exit_error(PARAMETER_PROBLEM, "OWNER CMD `%s' too long, max %d characters", optarg, sizeof(ownerinfo->comm));
 strncpy(ownerinfo->comm, optarg, sizeof(ownerinfo->comm));
+ ownerinfo->comm[sizeof(ownerinfo->comm)-1] = '\0';
 if (invert) ownerinfo->invert |= IPT_OWNER_COMM;
diff --git a/extensions/libipt_recent.c b/extensions/libipt_recent.c
index aa32aa07..a3942720 100644
--- a/extensions/libipt_recent.c
+++ b/extensions/libipt_recent.c
@@ -75,6 +75,9 @@ init(struct ipt_entry_match *match, unsigned int *nfcache)
 *nfcache |= NFC_UNKNOWN;
 strncpy(info->name,"DEFAULT",IPT_RECENT_NAME_LEN);
+ /* eventhough IPT_RECENT_NAME_LEN is currently defined as 200,
+ * better be safe, than sorry */
+ info->name[IPT_RECENT_NAME_LEN-1] = '\0';
 info->side = IPT_RECENT_SOURCE;
 }
@@ -142,6 +145,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
 case 208:
 strncpy(info->name,optarg,IPT_RECENT_NAME_LEN);
+ info->name[IPT_RECENT_NAME_LEN-1] = '\0';
 break;
 case 209:
diff --git a/ip6tables-restore.c b/ip6tables-restore.c
index cc60e234..89ef79d2 100644
--- a/ip6tables-restore.c
+++ b/ip6tables-restore.c
@@ -7,7 +7,7 @@
 * Rusty Russell
 * This code is distributed under the terms of GNU GPL v2
 *
- * $Id: ip6tables-restore.c,v 1.12 2003/05/02 15:30:11 laforge Exp $
+ * $Id: ip6tables-restore.c,v 1.13 2004/01/05 09:41:51 laforge Exp $
 */
 #include
@@ -182,6 +182,7 @@ int main(int argc, char *argv[])
 exit(1);
 }
 strncpy(curtable, table, IP6T_TABLE_MAXNAMELEN);
+ curtable[IP6T_TABLE_MAXNAMELEN] = '\0';
 if (handle) ip6tc_free(&handle);
diff --git a/ip6tables.c b/ip6tables.c
index 664b307b..16d3ae17 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -675,6 +675,7 @@ parse_hostnetworkmask(const char *name, struct in6_addr **addrpp,
 int i, j, n;
 strncpy(buf, name, sizeof(buf) - 1);
+ buf[sizeof(buf) - 1] = '\0';
 if ((p = strrchr(buf, '/')) != NULL) {
 *p = '\0';
 addrp = parse_mask(p + 1);
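Review bot: In the `case 208:` hunk of libipt_recent.c a list name longer than `IPT_RECENT_NAME_LEN-1` bytes is now cut short without notice, so two rules whose names share that prefix would presumably end up referring to the same list. A check before the copy, `if (strlen(optarg) >= IPT_RECENT_NAME_LEN)` with an `exit_error(PARAMETER_PROBLEM, ...)` call like the one in the owner extensions, would report the problem instead; the hunk does not show whether `exit_error` is already used in this file. In the `init` hunk the new comment would read more clearly as `/* IPT_RECENT_NAME_LEN is currently 200, but terminate explicitly in case that changes */`.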
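Review bot: `curtable[IP6T_TABLE_MAXNAMELEN] = '\0';` in ip6tables-restore.c writes at an index equal to the bound passed to `strncpy`, whereas every other hunk in this commit terminates at `LEN-1`. That index is in range only if `curtable` is declared with `IP6T_TABLE_MAXNAMELEN + 1` bytes; the declaration sits in `main` above the hunk and is not visible here, and with a smaller array this is a one-byte write past the end. If `curtable` is a local array, `strncpy(curtable, table, sizeof(curtable) - 1);` with `curtable[sizeof(curtable) - 1] = '\0';` stays correct however it is declared. The iptables-restore.c hunk has the same pattern with `IPT_TABLE_MAXNAMELEN`.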
diff --git a/iptables-restore.c b/iptables-restore.c
index 0a5627da..9ef78c78 100644
--- a/iptables-restore.c
+++ b/iptables-restore.c
@@ -4,7 +4,7 @@
 *
 * This code is distributed under the terms of GNU GPL v2
 *
- * $Id: iptables-restore.c,v 1.26 2003/05/02 15:30:11 laforge Exp $
+ * $Id: iptables-restore.c,v 1.27 2004/01/05 09:41:50 laforge Exp $
 */
 #include
@@ -179,6 +179,7 @@ int main(int argc, char *argv[])
 exit(1);
 }
 strncpy(curtable, table, IPT_TABLE_MAXNAMELEN);
+ curtable[IPT_TABLE_MAXNAMELEN] = '\0';
 if (handle) iptc_free(&handle);
diff --git a/libiptc/libiptc.c b/libiptc/libiptc.c
index ba2e35e8..3aacb547 100644
--- a/libiptc/libiptc.c
+++ b/libiptc/libiptc.c
@@ -1,4 +1,4 @@
-/* Library which manipulates firewall rules. Version $Revision: 1.41 $ */
+/* Library which manipulates firewall rules. Version $Revision: 1.43 $ */
 /* Architecture of firewall rules is as follows:
 *
@@ -526,6 +526,7 @@ add_chain_cache(TC_HANDLE_T h, const char *name, unsigned int start_off,
 h->cache_num_chains++;
 strncpy(newcc->name, name, TABLE_MAXNAMELEN-1);
+ newcc->name[TABLE_MAXNAMELEN-1] = '\0';
 newcc->start_off = start_off;
 newcc->end_off = end_off;
--
cgit v1.2.3