From f28501279d2c28fdbb31d8273b723e9bf71d3b98 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sun, 19 Feb 2017 13:19:50 -0500
Subject: [PATCH] firewall-util: add an assert that we're not overwriting a
 buffer

Check for CID #1368267.
---
 src/shared/firewall-util.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/shared/firewall-util.c b/src/shared/firewall-util.c
index 9c29b0afca..952fc48c45 100644
--- a/src/shared/firewall-util.c
+++ b/src/shared/firewall-util.c
@@ -76,8 +76,11 @@ static int entry_fill_basics(
         }
 
         if (out_interface) {
+                size_t l = strlen(out_interface);
+                assert(l < sizeof entry->ip.outiface && l < sizeof entry->ip.outiface_mask);
+
                 strcpy(entry->ip.outiface, out_interface);
-                memset(entry->ip.outiface_mask, 0xFF, strlen(out_interface)+1);
+                memset(entry->ip.outiface_mask, 0xFF, l + 1);
         }
         if (destination) {
                 entry->ip.dst = destination->in;