From d764e09f35a3a1c1daedf606ed4e30aa07ba39d3 Mon Sep 17 00:00:00 2001
From: Niclas Finne
Date: Thu, 4 Jun 2015 21:13:50 +0200
Subject: [PATCH] Make sure the url is null terminated in CoAP observe.
---
 apps/er-coap/er-coap-observe.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/apps/er-coap/er-coap-observe.c b/apps/er-coap/er-coap-observe.c
index ef533cf70..35ab2ff74 100644
--- a/apps/er-coap/er-coap-observe.c
+++ b/apps/er-coap/er-coap-observe.c
@@ -196,10 +196,12 @@ coap_notify_observers_sub(resource_t *resource, const char *subpath)
 char url[COAP_OBSERVER_URL_LEN];
 url_len = strlen(resource->url);
- strncpy(url, resource->url, COAP_OBSERVER_URL_LEN);
- if(strlen(url) < COAP_OBSERVER_URL_LEN && subpath != NULL) {
- strncpy(&url[url_len], subpath, COAP_OBSERVER_URL_LEN - url_len);
+ strncpy(url, resource->url, COAP_OBSERVER_URL_LEN - 1);
+ if(url_len < COAP_OBSERVER_URL_LEN - 1 && subpath != NULL) {
+ strncpy(&url[url_len], subpath, COAP_OBSERVER_URL_LEN - url_len - 1);
 }
+ /* Ensure url is null terminated because strncpy does not guarantee this */
+ url[COAP_OBSERVER_URL_LEN - 1] = '\0';
 /* url now contains the notify URL that needs to match the observer */
 PRINTF("Observe: Notification from %s\n", url);
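Review bot: An over-long `resource->url` plus `subpath` is still truncated silently by the two `strncpy` calls, and the trailing comment says this buffer is the string that is then matched against observers. A truncated URL may fail to match, or, depending on how the comparison outside this hunk is done, may match an observer registered for a different, shorter path, so the notification could be dropped or sent to the wrong subscriber. I would detect the overflow before copying, for example `if(url_len + (subpath != NULL ? strlen(subpath) : 0) >= COAP_OBSERVER_URL_LEN) { /* log and skip this notification */ }`, rather than continuing with a clipped URL. The body of coap_notify_observers_sub starts and ends outside the hunk, so the declared type of `url_len` and the matching logic should be checked against this suggestion.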