Ensure null termination on copied strings

CHANGELOG

@@ -1,11 +1,14 @@
 #Nmap Changelog ($Id$); -*-text-*-
 
+o Fix a crash when writing long CPE strings to output. Reported by Harshit
+  Gupta. [Daniel Miller]
+
 o [Ncat] Fix several cases where Ncat's SOCKS5 client could interpret
   uninitialized data as protocol data, triggered by a malicious SOCKS5 proxy
   server. No code execution or application crash is possible.
   Reported by Govind Pratap Singh. [Daniel Miller]
 
-o Fix a out-of-bounds access in Nping Echo client allowing a malicious Nping
+o [Nping] Fix a out-of-bounds access in Nping Echo client allowing a malicious Nping
   EchoServer to zero 32 bytes of memory outside the packet buffer. Reported by
   Harshit Gupta. [Daniel Miller]
 

idle_scan.cc

@@ -522,17 +522,14 @@ static void initialize_idleproxy(struct idle_proxy_info *proxy, char *proxyName,
   if (o.af() == AF_INET && q != NULL ) {
     /* I'm lazy, using a size_t we already had around */
     sslen = MIN(strcspn(proxyName,":"), sizeof(name) - 1);
-    strncpy(name, proxyName, sslen);
-    /* Ensure NULL termination */
-    name[sslen] = '\0';
+    Strncpy(name, proxyName, sslen);
   }
   else if (o.af() == AF_INET6 && strchr(proxyName, '[') != NULL && strchr(proxyName, ']') != NULL) {
     sslen = MIN(strcspn(proxyName,"]") - strcspn(proxyName, "[") - 1, sizeof(name) - 1);
-    strncpy(name, strchr(proxyName, '[') + 1, sslen);
-    name[sslen] = '\0';
+    Strncpy(name, strchr(proxyName, '[') + 1, sslen);
   }
   else
-    strncpy(name, proxyName, sizeof(name));
+    Strncpy(name, proxyName, sizeof(name));
 
   if (q) {
     q++;
@@ -1357,7 +1354,7 @@ void idle_scan(Target *target, u16 *portarray, int numports,
   /* If this is the first call,  */
   if (!*lastproxy) {
     initialize_idleproxy(&proxy, proxyName, target, ports);
-    strncpy(lastproxy, proxyName, sizeof(lastproxy));
+    Strncpy(lastproxy, proxyName, sizeof(lastproxy));
   }
 
   /* If we don't have timing infoz for the new target, we'll use values

nbase/inet_ntop.c

@@ -247,7 +247,7 @@ inet_ntop6(const unsigned char *src, char *dst, size_t size)
 #endif
         return (NULL);
     }
-    strncpy(dst, tmp, size);
+    Strncpy(dst, tmp, size);
     return (dst);
 }
 #endif

output.cc

@@ -2099,7 +2099,7 @@ void printserviceinfooutput(const Target *currenths) {
 
         if (!hostname_tbl[i][0]) {
           numhostnames++;
-          strncpy(&hostname_tbl[i][0], sd.hostname, sizeof(hostname_tbl[i]));
+          Strncpy(&hostname_tbl[i][0], sd.hostname, sizeof(hostname_tbl[i]));
           break;
         }
       }
@@ -2112,7 +2112,7 @@ void printserviceinfooutput(const Target *currenths) {
 
         if (!ostype_tbl[i][0]) {
           numostypes++;
-          strncpy(&ostype_tbl[i][0], sd.ostype, sizeof(ostype_tbl[i]));
+          Strncpy(&ostype_tbl[i][0], sd.ostype, sizeof(ostype_tbl[i]));
           break;
         }
       }
@@ -2125,7 +2125,7 @@ void printserviceinfooutput(const Target *currenths) {
 
         if (!devicetype_tbl[i][0]) {
           numdevicetypes++;
-          strncpy(&devicetype_tbl[i][0], sd.devicetype, sizeof(devicetype_tbl[i]));
+          Strncpy(&devicetype_tbl[i][0], sd.devicetype, sizeof(devicetype_tbl[i]));
           break;
         }
       }
@@ -2145,7 +2145,7 @@ void printserviceinfooutput(const Target *currenths) {
 
         if (!cpe_tbl[i][0]) {
           numcpes++;
-          strncpy(&cpe_tbl[i][0], *it, sizeof(cpe_tbl[i]));
+          Strncpy(&cpe_tbl[i][0], *it, sizeof(cpe_tbl[i]));
           break;
         }
       }