[libvirt] [PATCH] nwfilter: Fix sscanf off-by-one error in virNWFilterSnoopLeaseFileLoad

Martin Kletzander mkletzan at redhat.com
Tue Jun 2 09:35:26 UTC 2015


On Tue, Jun 02, 2015 at 10:18:34AM +0200, Erik Skultety wrote:
>We allocate 16 bytes for an IPv4 address and 55 bytes for the interface
>key, therefore we should read up to 15/54 bytes and leave the last byte
>reserved for the terminating null byte in sscanf.
>
>https://bugzilla.redhat.com/show_bug.cgi?id=1226400
>---
> src/nwfilter/nwfilter_dhcpsnoop.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
>diff --git a/src/nwfilter/nwfilter_dhcpsnoop.c b/src/nwfilter/nwfilter_dhcpsnoop.c
>index 6da8983..f331e22 100644
>--- a/src/nwfilter/nwfilter_dhcpsnoop.c
>+++ b/src/nwfilter/nwfilter_dhcpsnoop.c
>@@ -1958,8 +1958,8 @@ virNWFilterSnoopLeaseFileLoad(void)
>             break;
>         }
>         ln++;
>-        /* key len 55 = "VMUUID"+'-'+"MAC" */
>-        if (sscanf(line, "%u %55s %16s %16s", &ipl.timeout,
>+        /* key len 54 = "VMUUID"+'-'+"MAC" */
>+        if (sscanf(line, "%u %54s %15s %15s", &ipl.timeout,
>                    ifkey, ipstr, srvstr) < 4) {
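Review bot: the widths in the new format string ("%54s %15s %15s") are still bare literals that have to be kept in step by hand with the 55- and 16-byte buffers named in the commit message, so a later change to either buffer size can bring the overflow back without any compiler diagnostic. Consider building the widths from the buffer-size constants, or adding a compile-time check beside the sscanf that each buffer holds at least width + 1 bytes. The updated comment would also be clearer if it said that 54 is the string length and that the buffer needs one more byte for the terminating NUL.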

We initialize ifkey as char ifkey[VIR_IFKEY_LEN], so it might be nicer
to call:

  if (sscanf(line, "%u %*s %*s %*s", &ipl.timeout,
             VIR_IFKEY_LEN - 1, ifkey,
             INET_ADDRSTRLEN - 1, ipstr,
             INET_ADDRSTRLEN - 1, srvstr) < 4) {
      ...

But what you have is enough, so ACK to that.
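
The width rule behind this patch, and one way to keep the widths tied to the buffer sizes, as an added example that is not part of the original message or of libvirt's code. The macro, struct and function names are hypothetical; only the sizes 55 and 16 come from the commit message, and the lease line is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define STR_(x) #x
#define STR(x) STR_(x)
/* Hypothetical names; the sizes are those given in the commit message. */
#define IFKEY_MAX 54 /* "VMUUID" + '-' + "MAC"; buffer is 55 with the NUL */
#define IPSTR_MAX 15 /* "255.255.255.255"; buffer is 16 with the NUL */

struct lease {
    unsigned int timeout;
    char ifkey[IFKEY_MAX + 1], ipstr[IPSTR_MAX + 1], srvstr[IPSTR_MAX + 1];
};

/* Well-defined demonstration: "%5s" stores 6 bytes (5 characters + NUL). */
size_t bytes_stored_by_width5(void)
{
    char buf[8];
    size_t n = 0;
    memset(buf, 0xAA, sizeof(buf));
    sscanf("abcdefghij", "%5s", buf);
    while (n < sizeof(buf) && (unsigned char)buf[n] != 0xAA)
        n++;
    return n;
}

static int ends_field(char c) { return c == '\0' || isspace((unsigned char)c); }
/* Returns 0 on success, -1 on a malformed line or an over-long field. */
int parse_lease_line(const char *line, struct lease *l)
{
    int k = 0, i = 0, s = 0; /* offsets just past each string field */
    /* In scanf "*" suppresses assignment (it is not a width argument as in
     * printf), so the widths are pasted into the format from the macros. */
    if (sscanf(line, "%u %" STR(IFKEY_MAX) "s%n %" STR(IPSTR_MAX) "s%n %"
               STR(IPSTR_MAX) "s%n", &l->timeout, l->ifkey, &k,
               l->ipstr, &i, l->srvstr, &s) < 4)
        return -1;
    /* A field cut short by its width leaves a non-space character behind. */
    return (ends_field(line[k]) && ends_field(line[i]) &&
            ends_field(line[s])) ? 0 : -1;
}

int main(void)
{
    struct lease l; /* the input line below is constructed */
    printf("%zu %d\n", bytes_stored_by_width5(),
           parse_lease_line("1433237726 VM-KEY 192.0.2.10 192.0.2.1", &l));
    return 0;
}
```

The `%n` checks matter because a width-limited `%s` does not fail on an over-long token: it stops at the limit and the remainder is parsed as the next field, with sscanf still returning 4.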