Re: [PATCH] nwfilter: Fix sscanf off-by-one error in virNWFilterSnoopLeaseFileLoad

On Tue, Jun 02, 2015 at 10:18:34AM +0200, Erik Skultety wrote:
We allocate 16 bytes for the IPv4 address and 55 bytes for the interface
key, therefore we should read up to 15/54 bytes and leave the last byte
reserved for the terminating null byte in sscanf.

https://bugzilla.redhat.com/show_bug.cgi?id=1226400
---
src/nwfilter/nwfilter_dhcpsnoop.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/nwfilter/nwfilter_dhcpsnoop.c b/src/nwfilter/nwfilter_dhcpsnoop.c
index 6da8983..f331e22 100644
--- a/src/nwfilter/nwfilter_dhcpsnoop.c
+++ b/src/nwfilter/nwfilter_dhcpsnoop.c
@@ -1958,8 +1958,8 @@ virNWFilterSnoopLeaseFileLoad(void)
            break;
        }
        ln++;
-        /* key len 55 = "VMUUID"+'-'+"MAC" */
-        if (sscanf(line, "%u %55s %16s %16s", &ipl.timeout,
+        /* key len 54 = "VMUUID"+'-'+"MAC" */
+        if (sscanf(line, "%u %54s %15s %15s", &ipl.timeout,
                   ifkey, ipstr, srvstr) < 4) {
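
Review bot: the widths 54 and 15 in the new sscanf format are still bare literals that must stay exactly one less than the sizes of ifkey, ipstr and srvstr, and nothing in the hunk links them to those declarations, so a later change to a buffer size would bring the overflow back without any warning. Consider generating the widths from the size constants or placing a compile-time assertion beside the call. Note also that with the widths capped, an over-long field is cut and its tail is consumed by the next %s, so the "< 4" check still passes on a shifted line; checking that the whole line was consumed would catch that. The comment "key len 54" would be clearer if it said the buffer is 55 bytes including the terminating null, as the commit message does.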

We initialize ifkey as char ifkey[VIR_IFKEY_LEN], so it might be nicer
to call:

 if (sscanf(line, "%u %*s %*s %*s", &ipl.timeout,
            VIR_IFKEY_LEN - 1, ifkey,
            INET_ADDRSTRLEN - 1, ipstr,
            INET_ADDRSTRLEN - 1, srvstr) < 4) {
     ...

But what you have is enough, so ACK to that.
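
An added example, not code from the patch or from libvirt: one way to keep the sscanf widths tied to the buffer sizes and to reject lines whose fields were cut at the width. In the scanf family `*` suppresses assignment rather than reading a width argument as it does in printf, so the widths are pasted into the format string at compile time. The macro names, the struct and the sample lines are constructed for illustration; the sizes are the ones given in the commit message.

```c
#include <stdio.h>
#include <string.h>

/* Sizes assumed from the commit message: 55-byte key, 16-byte IPv4 string. */
#define IFKEY_MAX 54                 /* most characters %s may store */
#define ADDR_MAX  15
#define STR_(x) #x
#define STR(x)  STR_(x)              /* STR(IFKEY_MAX) expands to "54" */

struct lease {                       /* hypothetical record, not libvirt's */
    unsigned int timeout;
    char ifkey[IFKEY_MAX + 1];       /* +1 for the NUL that %Ns appends */
    char ip[ADDR_MAX + 1];
    char srv[ADDR_MAX + 1];
};

/* Returns 0 on success, -1 on a short line, an over-long field or
 * trailing data. Widths and buffers come from the same macros. */
int parse_lease(const char *line, struct lease *l)
{
    int end = 0;
    int n = sscanf(line,
                   "%u %" STR(IFKEY_MAX) "s %" STR(ADDR_MAX) "s %"
                   STR(ADDR_MAX) "s %n",
                   &l->timeout, l->ifkey, l->ip, l->srv, &end);
    if (n < 4)
        return -1;
    /* A field longer than its width is cut there and its tail is read by
     * the next conversion, so sscanf still returns 4; the unread remainder
     * of the line is what gives the shift away. */
    if (end == 0 || line[end] != '\0')
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample lines: exact-fit key, then a key one byte too long. */
    const char *ok  = "3600 0a1b2c3d-1111-2222-3333-444455556666-52:54:00:12:34:56"
                      " 192.168.122.100 192.168.122.1\n";
    const char *bad = "3600 0a1b2c3d-1111-2222-3333-444455556666-52:54:00:12:34:56X"
                      " 192.168.122.100 192.168.122.1\n";
    struct lease l;
    printf("exact fit: %d\n", parse_lease(ok, &l));
    printf("over-long: %d\n", parse_lease(bad, &l));
    return 0;
}
```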

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list