{common,system-controller}: make sure buffers are null-terminated.

Fixes issues found by Coverity.

Change-Id: Ib226c27ebea07a27879e4450ca04cd2340ca7511

diff --git a/src/common/process-watch.c b/src/common/process-watch.c
index 3b402ba..ac81b7d 100644 (file)
--- a/src/common/process-watch.c
+++ b/src/common/process-watch.c
@@ -1283,7 +1283,10 @@ static void post_task_events(mrp_list_hook_t *list, mrp_proc_event_type_t events
             e->what = PROC_EVENT_COMM;
             e->event_data.comm.process_pid  = pid;
             e->event_data.comm.process_tgid = tgid;
-            strcpy(e->event_data.comm.comm, comm);
+
+            /* Copy the string and make sure we are null-terminated */
+            strncpy(e->event_data.comm.comm, comm, sizeof(e->event_data.comm.comm));
+            e->event_data.comm.comm[sizeof(e->event_data.comm.comm) - 1] = '\0';
 
             mrp_list_append(list, &evt->hook);
         }

diff --git a/src/plugins/system-controller/user/user.c b/src/plugins/system-controller/user/user.c
index 0d93018..d229120 100644 (file)
--- a/src/plugins/system-controller/user/user.c
+++ b/src/plugins/system-controller/user/user.c
@@ -394,7 +394,7 @@ static char *get_last_user(const char *user_dir)
 
         memset(last_user_buf, 0, sizeof(last_user_buf));
 
-        ret = fread(last_user_buf, 1, sizeof(last_user_buf), last_user_file);
+        ret = fread(last_user_buf, 1, sizeof(last_user_buf) - 1, last_user_file);
 
         if (ret < 0) {
             goto end;
@@ -404,6 +404,8 @@ static char *get_last_user(const char *user_dir)
             goto end;
         }
 
+        last_user_buf[ret] = '\0';
+
         mrp_log_info("system-controller: last user '%s'", last_user_buf);
 
         last_user = mrp_strdup(last_user_buf);