[lxc-devel] [PATCH] criu.c: protect from buffer overrun of version in fscanf()
Stéphane Graber
stgraber at ubuntu.com
Mon Jan 4 17:46:26 UTC 2016
On Sun, Dec 27, 2015 at 09:29:10AM -0800, wim.coekaerts at oracle.com wrote:
> From: Wim Coekaerts <wim.coekaerts at oracle.com>
>
> while highly unlikely to happen...
> char version[1024];
>
> fscanf(.. %[1024] .., version );
>
> should leave room for null termination
>
> Signed-off-by: Wim Coekaerts <wim.coekaerts at oracle.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
> ---
> src/lxc/criu.c | 4 ++--
> 1 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/src/lxc/criu.c b/src/lxc/criu.c
> index 0a0392f..6ef4905 100644
> --- a/src/lxc/criu.c
> +++ b/src/lxc/criu.c
> @@ -315,7 +315,7 @@ static bool criu_version_ok()
> return false;
> }
>
> - if (fscanf(f, "Version: %1024[^\n]s", version) != 1)
> + if (fscanf(f, "Version: %1023[^\n]s", version) != 1)
> goto version_error;
>
> if (fgetc(f) != '\n')
> @@ -324,7 +324,7 @@ static bool criu_version_ok()
> if (strcmp(version, CRIU_VERSION) >= 0)
> goto version_match;
>
> - if (fscanf(f, "GitID: v%1024[^-]s", version) != 1)
> + if (fscanf(f, "GitID: v%1023[^-]s", version) != 1)
> goto version_error;
>
> if (fgetc(f) != '-')
> --
> 1.7.1
>
> _______________________________________________
> lxc-devel mailing list
> lxc-devel at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-devel
--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20160104/bf7fa456/attachment.sig>
More information about the lxc-devel
mailing list