On 8/11/21 9:39 AM, Nigel Croxon wrote:
> To meet requirements of Common Criteria certification vulnerability
> assessment. Static code analysis has been run and found the following
> Error: DC.STREAM_BUFFER (CWE-120): [#def46]
> mdadm-4.2: dont_call: "fscanf" assumes an arbitrarily
> long string, so callers must use correct precision specifiers or
> never use "fscanf".
>
> The change is to define a value for string %s.
>
> Signed-off-by: Nigel Croxon <ncroxon@xxxxxxxxxx>
> ---
>  Monitor.c | 2 +-
>  policy.c  | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/Monitor.c b/Monitor.c
> index f5412299..8bd3b5a1 100644
> --- a/Monitor.c
> +++ b/Monitor.c
> @@ -359,7 +359,7 @@ static int check_one_sharer(int scan)
>  "/proc/%d/comm", pid);
>  comm_fp = fopen(comm_path, "r");
>  if (comm_fp) {
> -if (fscanf(comm_fp, "%s", comm) &&
> +if (fscanf(comm_fp, "%19s", comm) &&
>  strncmp(basename(comm), Name, strlen(Name)) == 0) {
>  if (scan) {
>  pr_err("Only one autorebuild process allowed in scan mode, aborting\n");
> diff --git a/policy.c b/policy.c
> index 3c53bd35..e9760a65 100644
> --- a/policy.c
> +++ b/policy.c
> @@ -784,7 +784,7 @@ int policy_check_path(struct mdinfo *disk, struct map_ent *array)
>  if (!f)
>  continue;
>
> -rv = fscanf(f, " %s %x:%x:%x:%x\n",
> +rv = fscanf(f, " %255s %x:%x:%x:%x\n",
>  array->metadata,
>  array->uuid,
>  array->uuid+1,

1) array->metadata is 20 bytes long but you set a limit of 255 which
could easily overflow it.

2) You address policy_check_path() but don't fix policy_save_path() right
above it which has the same issue.

Please fix.

Jes
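Review bot: in the Monitor.c hunk, `if (fscanf(comm_fp, "%19s", comm) &&` still treats fscanf's EOF return value (-1) as true, so a read failure on /proc/<pid>/comm falls through to strncmp() on a comm buffer that was never filled; compare against the number of items assigned instead, `fscanf(comm_fp, "%19s", comm) == 1 &&`, and derive the 19 from the declared size of comm (sizeof(comm) - 1, or a shared width macro) rather than a bare literal so the width and the buffer cannot drift apart in a later edit.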
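Review bot: in the policy.c hunk, the width in `rv = fscanf(f, " %255s %x:%x:%x:%x\n",` must be one less than the size of the destination `array->metadata`; with the 20-byte field cited in the reply above, `%255s` still permits a write of up to 256 bytes and so leaves the CWE-120 finding from the commit message open. Use `%19s` (or a width macro tied to the field's declared size) here, and apply the same bounded width to the matching fscanf in policy_save_path(), which the reply notes has the identical pattern.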