sys: mitigate possible strncpy string truncation

[project/rpcd.git] / sys.c

diff --git a/sys.c b/sys.c
index 097e7057f7daad2208a6a24f07132ebff39c66a8..42a2fc6ec0c327568539b8dffa29e734975a3e34 100644 (file)
--- a/sys.c
+++ b/sys.c
@@ -172,7 +172,7 @@ rpc_sys_packagelist(struct ubus_context *ctx, struct ubus_object *obj,
        struct blob_attr *tb[__RPC_PACKAGELIST_MAX];
        int all = false;
        struct blob_buf buf = { 0 };
-       char var[256], pkg[128], ver[128];
+       char var[256], pkg[128] = { 0 }, ver[128] = { 0 };
        char *tmp, *p1, *p2, *p3;
        void *tbl;
 
@@ -224,7 +224,7 @@ procstr:
                        continue;
 
                if (!strcmp(var, "Package:")) {
-                       strncpy(pkg, p1, sizeof(pkg));
+                       strncpy(pkg, p1, sizeof(pkg) - 1);
                        continue;
                }
 
@@ -241,7 +241,7 @@ procstr:
                }
 
                if (!strcmp(var, "Version:")) {
-                       strncpy(ver, p1, sizeof(ver));
+                       strncpy(ver, p1, sizeof(ver) - 1);
                        continue;
                }