Hi there, the conntrack-tools have an fscanf() call without a field width limit. There's a small issue with this: [conntrack-tools/src/conntrack.c:1875]: (warning) scanf without field width limits can crash with huge input data Simple PoC can be found here: http://marc.info/?l=gimp-developer&m=129567990905823&w=2 The code currently looks like this: "if (fscanf(fd, "%d", &count) != 1) {" A limit to uint32 number of digits should be sane, also on 64bit machines. That should still give us enough conntrack entries - even for Jesper. I goofed around with scanf() some more and discovered that basically any field limit should do (even 2000+). Otherwise scanf() seems to use a fixed default buffer if the size is not known in advance. Proposed change looks like this: "if (fscanf(fd, "%10d", &count) != 1) {" Is that a sane thing to do or unnecessary? Cheers, Thomas -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
