To meet requirements of Common Criteria certification vulnerability assessment, static code analysis has been run and found the following error:

DC.STREAM_BUFFER (CWE-120): [#def46] mdadm-4.2: dont_call: "fscanf" assumes an arbitrarily long string, so callers must use correct precision specifiers or never use "fscanf".

The change is to define a value for string %s.

V2: Tighten the value in policy.c to match the limit of the metadata. Add a change to policy_save_path() to use correct precision on the fscanf call.

Signed-off-by: Nigel Croxon <ncroxon@xxxxxxxxxx>

--- Monitor.c | 2 +- policy.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Monitor.c b/Monitor.c index f541229..8bd3b5a 100644 --- a/Monitor.c +++ b/Monitor.c @@ -359,7 +359,7 @@ static int check_one_sharer(int scan) "/proc/%d/comm", pid); comm_fp = fopen(comm_path, "r"); if (comm_fp) { - if (fscanf(comm_fp, "%s", comm) && + if (fscanf(comm_fp, "%19s", comm) && strncmp(basename(comm), Name, strlen(Name)) == 0) { if (scan) { pr_err("Only one autorebuild process allowed in scan mode, aborting\n"); diff --git a/policy.c b/policy.c index 3c53bd3..eee9ef6 100644 --- a/policy.c +++ b/policy.c @@ -761,7 +761,7 @@ void policy_save_path(char *id_path, struct map_ent *array) return; } - if (fprintf(f, "%s %08x:%08x:%08x:%08x\n", + if (fprintf(f, "%20s %08x:%08x:%08x:%08x\n", array->metadata, array->uuid[0], array->uuid[1], array->uuid[2], array->uuid[3]) <= 0) @@ -784,7 +784,7 @@ int policy_check_path(struct mdinfo *disk, struct map_ent *array) if (!f) continue; - rv = fscanf(f, " %s %x:%x:%x:%x\n", + rv = fscanf(f, " %20s %x:%x:%x:%x\n", array->metadata, array->uuid, array->uuid+1, -- 2.29.2
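
Review bot: In the Monitor.c hunk, check_one_sharer() still tests `if (fscanf(comm_fp, "%19s", comm) &&` for any nonzero result, and fscanf returns EOF (a negative value) when the file is empty or the read fails, so the strncmp() on the following line can run on a comm that was never filled in. Compare the return value with 1 instead. The width 19 is also a bare literal and the declaration of comm is not part of this hunk, so tying the width to the buffer size through a shared macro would keep the two from drifting apart.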
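
Review bot: In the policy_save_path() hunk, the new `fprintf(f, "%20s %08x:%08x:%08x:%08x\n",` does not bound anything: in printf-family formats a number before s is a minimum field width, so a metadata string shorter than 20 characters is now left-padded with spaces in the saved file and a longer one is still written in full. If the intent is to cap what is written, the precision form "%.20s" does that; otherwise this "%s" can stay as it was, since the reported CWE-120 finding is about fscanf. The V2 text calls this the fscanf call in policy_save_path(), while the call changed in this hunk is fprintf.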
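
Review bot: In the policy_check_path() hunk, `rv = fscanf(f, " %20s %x:%x:%x:%x\n",` lets fscanf store up to 20 characters plus a terminating NUL into array->metadata, so that field has to be at least 21 bytes. Its declaration is not visible in this hunk, and the Monitor.c hunk uses 19; if metadata is a 20-byte array, the width here needs to be 19 as well, otherwise a 20-character token still writes one byte past the end.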