Hi,
there is a theoretical buffer overflow possible in the hypervisor
parsing code of lscpu. It would require a proc entry to return way more
than expected so it's no high priority. But better be safe than sorry.
At first I thought about switching to fgets but there is another
code file that adds a format specifier. The diff is less intrusive
that way, too.
Tobias
---
sys-utils/lscpu.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sys-utils/lscpu.c b/sys-utils/lscpu.c
index ef59410..c272dc2 100644
--- a/sys-utils/lscpu.c
+++ b/sys-utils/lscpu.c
@@ -621,7 +621,7 @@ read_hypervisor_powerpc(struct lscpu_desc *desc)
fd = path_fopen("r", 0, _PATH_PROC_DEVICETREE "/ibm,partition-name");
if (fd) {
char buf[256];
- if (fscanf(fd, "%s", buf) == 1 && !strcmp(buf, "full"))
+ if (fscanf(fd, "%255s", buf) == 1 && !strcmp(buf, "full"))
desc->virtype = VIRT_NONE;
fclose(fd);
}
@@ -757,7 +757,7 @@ read_hypervisor(struct lscpu_desc *desc, struct lscpu_modifier *mod)
if (fd) {
char buf[256];
- if (fscanf(fd, "%s", buf) == 1 &&
+ if (fscanf(fd, "%255s", buf) == 1 &&
!strcmp(buf, "control_d"))
dom0 = 1;
fclose(fd);
--
2.1.1
--
To unsubscribe from this list: send the line "unsubscribe util-linux" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
