[Libguestfs] [PATCH] p2v: check results of strndup and sscanf
Richard W.M. Jones
rjones at redhat.com
Tue Aug 12 09:54:08 UTC 2014
On Mon, Aug 11, 2014 at 06:35:50PM +0200, Pino Toscano wrote:
> ---
> p2v/ssh.c | 11 ++++++++++-
> 1 file changed, 10 insertions(+), 1 deletion(-)
>
> diff --git a/p2v/ssh.c b/p2v/ssh.c
> index 1e9b05c..ff906df 100644
> --- a/p2v/ssh.c
> +++ b/p2v/ssh.c
> @@ -505,7 +505,16 @@ open_data_connection (struct config *config, int *local_port, int *remote_port)
> }, ovector, ovecsize)) {
> case 100: /* Ephemeral port. */
> port_str = strndup (&h->buffer[ovector[2]], ovector[3]-ovector[2]);
> - sscanf (port_str, "%d", remote_port);
> + if (port_str == NULL) {
> + set_ssh_error ("not enough memory for strndup");
> + mexp_close (h);
> + return NULL;
> + }
> + if (sscanf (port_str, "%d", remote_port) != 1) {
> + set_ssh_error ("cannot extract the port number from '%s'", port_str);
> + mexp_close (h);
> + return NULL;
> + }
> break;
ACK, although the regex ought to guarantee this already?
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-top is 'top' for virtual machines. Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://people.redhat.com/~rjones/virt-top
More information about the Libguestfs
mailing list