On Wed, Feb 22 2012 at 10:53am -0500,
Mikulas Patocka <mpatocka@xxxxxxxxxx> wrote:

> dm: Better number validation in sscanf
>
> Device mapper uses sscanf to convert arguments to numbers. The problem is that
> sscanf ignores additional unmatched characters in the scanned string.
>
> For example, this `if (sscanf(string, "%d", &number) == 1)' will match a number,
> but also it will match number with some garbage appended, like "123abc".
>
> sscanf is used this way at a lot of places in the device mapper and
> as a result, device mapper accepts garbage after some numbers, for example
> the command `dmsetup create vg1-new --table "0 16384 linear 254:1bla 34816bla"'
> will pass without an error.
>
> This patch fixes all sscanf uses in device mapper. The patch appends "%c" with
> a pointer to a dummy character variable to every sscanf statement.
>
> The construct `if (sscanf(string, "%d%c", &number, &dummy) == 1)' succeeds
> only if string is a null-terminated number (optionally preceded by some
> whitespace characters). If there is some character appended after the number,
> sscanf matches "%c", writes the character to the dummy variable and returns 2.
> We check the return value for 1, consequently we reject numbers with some
> garbage appended.
>
> Signed-off-by: Mikulas Patocka <mpatocka@xxxxxxxxxx>

Looks reasonable to me.

Acked-by: Mike Snitzer <snitzer@xxxxxxxxxx>
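
An added example, not part of the original message or of the patch itself: a small C program contrasting the two sscanf patterns the commit message describes. The helper names parse_loose and parse_strict and the sample strings are assumptions made up for this illustration; they are not device mapper code.

```c
#include <stdio.h>

/* Pattern before the patch: only the conversion count is checked,
 * so anything left over after the number is silently ignored. */
static int parse_loose(const char *s, int *out)
{
    return sscanf(s, "%d", out) == 1;
}

/* Pattern after the patch: a trailing "%c" consumes one leftover
 * character if there is any. A clean number yields 1; a number with
 * anything after it yields 2; no number yields 0 or EOF. */
static int parse_strict(const char *s, int *out)
{
    char dummy;

    return sscanf(s, "%d%c", out, &dummy) == 1;
}

int main(void)
{
    /* Constructed inputs, modelled on the strings in the commit message. */
    static const char *samples[] = {
        "34816",    /* clean number */
        "  34816",  /* leading whitespace is skipped by %d */
        "34816bla", /* trailing garbage */
        "123abc",   /* trailing garbage */
        "34816 ",   /* trailing whitespace also counts as a leftover char */
        "",         /* empty string: sscanf returns EOF */
        "bla",      /* no number at all: sscanf returns 0 */
    };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int a = 0, b = 0;
        int loose = parse_loose(samples[i], &a);
        int strict = parse_strict(samples[i], &b);

        printf("\"%s\": loose=%s strict=%s\n", samples[i],
               loose ? "accept" : "reject",
               strict ? "accept" : "reject");
    }
    return 0;
}
```

Note that the strict form rejects trailing whitespace as well as trailing letters, since "%c" does not skip whitespace.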