From fc0e0b660aba34b505df229584eaa8b6ef5365b7 Mon Sep 17 00:00:00 2001
From: Tobias Reisinger <development@serguzim.me>
Date: Tue, 30 Jul 2019 13:22:19 +0200
Subject: [PATCH] fix: strncpy limits

---
 controllers/api_v1_controllers.cc    |  4 ++--
 controllers/api_v1_devices_relays.cc | 10 +++++-----
 models/relay_dbo.cc                  |  4 ++--
 3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/controllers/api_v1_controllers.cc b/controllers/api_v1_controllers.cc
index ff3f07f..b4d4f96 100644
--- a/controllers/api_v1_controllers.cc
+++ b/controllers/api_v1_controllers.cc
@@ -77,8 +77,8 @@ controllers::put_one_by_id(const HttpRequestPtr &req, std::function<void(const H
 
     if(controllers[0])
     {
-        strncpy(controllers[0]->name, body["name"].asCString(), 128);
-        strncpy(controllers[0]->ip, body["ip"].asCString(), 17);
+        strncpy(controllers[0]->name, body["name"].asCString(), 127);
+        strncpy(controllers[0]->ip, body["ip"].asCString(), 16);
 
         controllers[0]->name[127] = '\0';
         controllers[0]->ip[16] = '\0';
diff --git a/controllers/api_v1_devices_relays.cc b/controllers/api_v1_devices_relays.cc
index 72d34d9..34f57dd 100644
--- a/controllers/api_v1_devices_relays.cc
+++ b/controllers/api_v1_devices_relays.cc
@@ -71,8 +71,8 @@ controllers::put_relays_one_by_id_and_num(const HttpRequestPtr &req,
 
     if(relay)
     {
-        strncpy(relay->name, body["name"].asCString(), 128);
-        strncpy(relay->active_schedule_id, body["active_schedule"].asCString(), 33);
+        strncpy(relay->name, body["name"].asCString(), 127);
+        strncpy(relay->active_schedule_id, body["active_schedule"].asCString(), 32);
 
         db_action_result = relay->update();
     }
@@ -80,9 +80,9 @@ controllers::put_relays_one_by_id_and_num(const HttpRequestPtr &req,
     {
         relay = new relay_dbo();
         relay->number = relay_num;
-        strncpy(relay->name, body["name"].asCString(), 128);
-        strncpy(relay->active_schedule_id, body["active_schedule"].asCString(), 33);
-        strncpy(relay->controller_id, controller_id.c_str(), 33);
+        strncpy(relay->name, body["name"].asCString(), 127);
+        strncpy(relay->active_schedule_id, body["active_schedule"].asCString(), 32);
+        strncpy(relay->controller_id, controller_id.c_str(), 32);
 
         db_action_result = relay->insert();
     }
diff --git a/models/relay_dbo.cc b/models/relay_dbo.cc
index bd8a1f3..3979e98 100644
--- a/models/relay_dbo.cc
+++ b/models/relay_dbo.cc
@@ -40,10 +40,10 @@ relay_db_select_mapper(sqlite3_stmt *stmt)
         switch(name[0])
         {
             case 'a': // active_schedule_id
-                strncpy(new_relay->active_schedule_id, (const char*)sqlite3_column_text(stmt, i), 33);
+                strncpy(new_relay->active_schedule_id, (const char*)sqlite3_column_text(stmt, i), 32);
                 break;
             case 'c': // controller_id
-                strncpy(new_relay->controller_id, (const char*)sqlite3_column_text(stmt, i), 33);
+                strncpy(new_relay->controller_id, (const char*)sqlite3_column_text(stmt, i), 32);
                 break;
             case 'i':
                 new_relay->id = sqlite3_column_int(stmt, i);