zebra: ensure ipset name is null terminated

We copy a fixed length buffer from the wire but don't ensure it is null
terminated. Then print it as a c-string. Lul.

Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>

diff --git a/zebra/zapi_msg.c b/zebra/zapi_msg.c
index 88e72ed8b3dc11d440dc490565c87c75b9742990..1c5182c5d824a3c09baa5890a93be8d27c188498 100644 (file)
--- a/zebra/zapi_msg.c
+++ b/zebra/zapi_msg.c
@@ -2359,6 +2359,7 @@ static inline void zread_ipset_entry(ZAPI_HANDLER_ARGS)
                zpi.sock = client->sock;
                STREAM_GETL(s, zpi.unique);
                STREAM_GET(&ipset.ipset_name, s, ZEBRA_IPSET_NAME_SIZE);
+               ipset.ipset_name[ZEBRA_IPSET_NAME_SIZE - 1] = '\0';
                STREAM_GETC(s, zpi.src.family);
                STREAM_GETC(s, zpi.src.prefixlen);
                STREAM_GET(&zpi.src.u.prefix, s, prefix_blen(&zpi.src));