On 10/14/21 12:02 PM, Nigel Croxon wrote:
> To meet requirements of Common Criteria certification vulnerability
> assessment. Static code analysis has been run and found the following
> Error: DC.STREAM_BUFFER (CWE-120): [#def46]
> mdadm-4.2: dont_call: "fscanf" assumes an arbitrarily
> long string, so callers must use correct precision specifiers or
> never use "fscanf".
>
> The change is to define a value for string %s.
>
> V2: Tighten the value in policy.c to match the limit of the metadata.
> Add a change to policy_save_path() to use correct precision on the
> fscanf call.
>
> Signed-off-by: Nigel Croxon <ncroxon@xxxxxxxxxx>
> ---
> Monitor.c | 2 +-
> policy.c | 4 ++--
> 2 files changed, 3 insertions(+), 3 deletions(-)

Applied

Thanks
Jes
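
The kind of change the commit message describes (a width on every %s so fscanf cannot store more than the destination holds), as an added example that is not code from this patch or from mdadm. TOKEN_MAX, read_token() and demo() are hypothetical names, and the 31-byte limit and the sample input are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed limit for this example (not mdadm's): token length excluding NUL. */
#define TOKEN_MAX 31
#define STR_(x) #x
#define STR(x) STR_(x)

static char g_first[TOKEN_MAX + 1], g_second[TOKEN_MAX + 1];

/* Read one whitespace-delimited token into out (TOKEN_MAX + 1 bytes).
 * The width in " %31s" caps what fscanf stores, so an over-long token cannot
 * write past out. Returns 1 on success, 0 on EOF or error; *truncated is set
 * when the token in the file was longer than TOKEN_MAX. */
int read_token(FILE *f, char *out, int *truncated)
{
    int c;
    *truncated = 0;
    if (fscanf(f, " %" STR(TOKEN_MAX) "s", out) != 1)
        return 0;
    c = fgetc(f);
    if (c != EOF && !isspace(c)) {
        *truncated = 1; /* width stopped the read mid-token */
        while ((c = fgetc(f)) != EOF && !isspace(c))
            ; /* discard the remainder so the next read starts clean */
    }
    return 1;
}

/* Constructed input: a 40-byte token, then "md0". Returns 2 when only the
 * first token was truncated, -1 on failure. */
int demo(void)
{
    int i, t1 = 0, t2 = 0, ok;
    FILE *f = tmpfile();
    if (!f)
        return -1;
    for (i = 0; i < 40; i++)
        fputc('A', f);
    fputs(" md0\n", f);
    rewind(f);
    ok = read_token(f, g_first, &t1) && read_token(f, g_second, &t2);
    fclose(f);
    return ok ? (t1 << 1) | t2 : -1;
}

int main(void) { int rc = demo(); printf("rc=%d first=%s\n", rc, g_first); return 0; }
```

Deriving the width from the same macro that sizes the buffer keeps the two from drifting apart when the limit is changed later.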