From 1bce83316a1896cf5522d06b1fd6960d74511446 Mon Sep 17 00:00:00 2001
From: Jose Bollo <jose.bollo@iot.bzh>
Date: Fri, 4 Jan 2019 14:30:04 +0100
Subject: [PATCH] afb-api-v3: Fix potential buffer overflow

Change-Id: I170e127ebf96d2accfdd6d6a4ec322afeaa2782f
Signed-off-by: Jose Bollo <jose.bollo@iot.bzh>
---
 src/afb-api-v3.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/afb-api-v3.c b/src/afb-api-v3.c
index 660fac11..1fc6ebe4 100644
--- a/src/afb-api-v3.c
+++ b/src/afb-api-v3.c
@@ -158,21 +158,22 @@ struct json_object *afb_api_v3_make_description_openAPIv3(struct afb_api_v3 *api
 	json_object_object_add(i, "version", json_object_new_string("0.0.0"));
 	json_object_object_add(i, "description", json_object_new_string(api->info));
 
+	buffer[0] = '/';
+	buffer[sizeof buffer - 1] = 0;
+
 	p = json_object_new_object();
 	json_object_object_add(r, "paths", p);
 	iter = api->verbs;
 	end = iter + api->count;
 	while (iter != end) {
 		verb = *iter++;
-		buffer[0] = '/';
-		strncpy(buffer + 1, verb->verb, sizeof buffer - 1);
+		strncpy(buffer + 1, verb->verb, sizeof buffer - 2);
 		json_object_object_add(p, buffer, describe_verb_v3(verb));
 	}
 	verb = api->verbsv3;
 	if (verb)
 		while(verb->verb) {
-			buffer[0] = '/';
-			strncpy(buffer + 1, verb->verb, sizeof buffer - 1);
+			strncpy(buffer + 1, verb->verb, sizeof buffer - 2);
 			json_object_object_add(p, buffer, describe_verb_v3(verb));
 			verb++;
 		}
-- 
2.16.6