[lxc-devel] [PATCH] criu.c: protect from buffer overrun of version in fscanf()

Stéphane Graber stgraber at ubuntu.com
Mon Jan 4 17:46:26 UTC 2016


On Sun, Dec 27, 2015 at 09:29:10AM -0800, wim.coekaerts at oracle.com wrote:
> From: Wim Coekaerts <wim.coekaerts at oracle.com>
> 
> while highly unlikely to happen...
> char version[1024];
> 
> fscanf(.. %[1024] .., version  );
> 
> should leave room for null termination
> 
> Signed-off-by: Wim Coekaerts <wim.coekaerts at oracle.com>

Acked-by: Stéphane Graber <stgraber at ubuntu.com>

> ---
>  src/lxc/criu.c |    4 ++--
>  1 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/src/lxc/criu.c b/src/lxc/criu.c
> index 0a0392f..6ef4905 100644
> --- a/src/lxc/criu.c
> +++ b/src/lxc/criu.c
> @@ -315,7 +315,7 @@ static bool criu_version_ok()
>  			return false;
>  		}
>  
> -		if (fscanf(f, "Version: %1024[^\n]s", version) != 1)
> +		if (fscanf(f, "Version: %1023[^\n]s", version) != 1)
>  			goto version_error;
>  
>  		if (fgetc(f) != '\n')
> @@ -324,7 +324,7 @@ static bool criu_version_ok()
>  		if (strcmp(version, CRIU_VERSION) >= 0)
>  			goto version_match;
>  
> -		if (fscanf(f, "GitID: v%1024[^-]s", version) != 1)
> +		if (fscanf(f, "GitID: v%1023[^-]s", version) != 1)
>  			goto version_error;
>  
>  		if (fgetc(f) != '-')
> -- 
> 1.7.1
> 
> _______________________________________________
> lxc-devel mailing list
> lxc-devel at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-devel

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20160104/bf7fa456/attachment.sig>


More information about the lxc-devel mailing list