firewall-util: add an assert that we're not overwriting a buffer

... like commit f28501279d2c28fdbb31d8273b723e9bf71d3b98 does for out_interface. (cherry picked from commit 0b777d20e9a3868b12372ffce8040d1be063cec7) Resolves: #1602706
author: David Tardon <dtardon@redhat.com> 2018-10-10 09:33:28 +0200
committer: Lukas Nykryn <lnykryn@redhat.com> 2018-10-29 10:46:36 +0100
commit: fbe394e9166ddfe847dcac0eab0fcbd3c225dc33 (patch)
tree: 3311a88b2f61d806d71c23e13dd9da6e957334fc
parent: 8fdca31b41a6470ceda8e0a84f90a1e5ca28aa5c (diff)
download: systemd-fbe394e9166ddfe847dcac0eab0fcbd3c225dc33.tar.gz
1 files changed, 7 insertions, 1 deletions
diff --git a/src/shared/firewall-util.c b/src/shared/firewall-util.c
index eb4f5ff616..cba52fb419 100644
--- a/src/shared/firewall-util.c
+++ b/src/shared/firewall-util.c
@@ -50,8 +50,14 @@ static int entry_fill_basics(
         entry->ip.proto = protocol;
 
         if (in_interface) {
+                size_t l;
+
+                l = strlen(in_interface);
+                assert(l < sizeof entry->ip.iniface);
+                assert(l < sizeof entry->ip.iniface_mask);
+
                 strcpy(entry->ip.iniface, in_interface);
-                memset(entry->ip.iniface_mask, 0xFF, strlen(in_interface)+1);
+                memset(entry->ip.iniface_mask, 0xFF, l + 1);
         }
         if (source) {
                 entry->ip.src = source->in;
author	David Tardon <dtardon@redhat.com>	2018-10-10 09:33:28 +0200
committer	Lukas Nykryn <lnykryn@redhat.com>	2018-10-29 10:46:36 +0100
commit	fbe394e9166ddfe847dcac0eab0fcbd3c225dc33 (patch)
tree	3311a88b2f61d806d71c23e13dd9da6e957334fc
parent	8fdca31b41a6470ceda8e0a84f90a1e5ca28aa5c (diff)
download	systemd-fbe394e9166ddfe847dcac0eab0fcbd3c225dc33.tar.gz