Patch "selftests/tcp_ao: Fix fscanf() call for format-security" has been added to the 6.8-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Fri, 19 Apr 2024 07:46:39 -0400

This is a note to let you know that I've just added the patch titled

    selftests/tcp_ao: Fix fscanf() call for format-security

to the 6.8-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     selftests-tcp_ao-fix-fscanf-call-for-format-security.patch
and it can be found in the queue-6.8 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit ea6a25848bccdb69ae68d01b5ed2fbf429ea747e
Author: Dmitry Safonov <0x7f454c46@xxxxxxxxx>
Date:   Sat Apr 13 02:42:54 2024 +0100

    selftests/tcp_ao: Fix fscanf() call for format-security
    
    [ Upstream commit beb78cd1329d039d73487ca05633d1b92e1ab2ea ]
    
    On my new laptop with packages from nixos-unstable, gcc 12.3.0 produces:
    > lib/proc.c: In function ‘netstat_read_type’:
    > lib/proc.c:89:9: error: format not a string literal and no format arguments [-Werror=format-security]
    >    89 |         if (fscanf(fnetstat, type->header_name) == EOF)
    >       |         ^~
    > cc1: some warnings being treated as errors
    
    Here the selftests lib parses header name, while expectes non-space word
    ending with a column.
    
    Fixes: cfbab37b3da0 ("selftests/net: Add TCP-AO library")
    Signed-off-by: Dmitry Safonov <0x7f454c46@xxxxxxxxx>
    Reported-by: Muhammad Usama Anjum <usama.anjum@xxxxxxxxxxxxx>
    Signed-off-by: Paolo Abeni <pabeni@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/tools/testing/selftests/net/tcp_ao/lib/proc.c b/tools/testing/selftests/net/tcp_ao/lib/proc.c
index 2fb6dd8adba69..8b984fa042869 100644
--- a/tools/testing/selftests/net/tcp_ao/lib/proc.c
+++ b/tools/testing/selftests/net/tcp_ao/lib/proc.c
@@ -86,7 +86,7 @@ static void netstat_read_type(FILE *fnetstat, struct netstat **dest, char *line)
 
 	pos = strchr(line, ' ') + 1;
 
-	if (fscanf(fnetstat, type->header_name) == EOF)
+	if (fscanf(fnetstat, "%[^ :]", type->header_name) == EOF)
 		test_error("fscanf(%s)", type->header_name);
 	if (fread(&tmp, 1, 1, fnetstat) != 1 || tmp != ':')
 		test_error("Unexpected netstat format (%c)", tmp);







