Re: [libvirt] [PATCH] nwfilter: Fix sscanf off-by-one error in virNWFilterSnoopLeaseFileLoad
On Tue, Jun 02, 2015 at 10:18:34AM +0200, Erik Skultety wrote:
We allocate 16 bytes for IPv4 address and 55 bytes for interface
key, therefore we should read up to 15/54 bytes and let the last byte
reserved for terminating null byte in sscanf.
https://bugzilla.redhat.com/show_bug.cgi?id=1226400
---
src/nwfilter/nwfilter_dhcpsnoop.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/nwfilter/nwfilter_dhcpsnoop.c b/src/nwfilter/nwfilter_dhcpsnoop.c
index 6da8983..f331e22 100644
--- a/src/nwfilter/nwfilter_dhcpsnoop.c
+++ b/src/nwfilter/nwfilter_dhcpsnoop.c
@@ -1958,8 +1958,8 @@ virNWFilterSnoopLeaseFileLoad(void)
break;
}
ln++;
- /* key len 55 = "VMUUID"+'-'+"MAC" */
- if (sscanf(line, "%u %55s %16s %16s", &ipl.timeout,
+ /* key len 54 = "VMUUID"+'-'+"MAC" */
+ if (sscanf(line, "%u %54s %15s %15s", &ipl.timeout,
ifkey, ipstr, srvstr) < 4) {
We initialize ifkey as char ifkey[VIR_IFKEY_LEN], so it might be nicer
to call:
if (sscanf(line, "%u %*s %*s %*s", &ipl.timeout,
VIR_IFKEY_LEN - 1, ifkey,
INET_ADDRSTRLEN - 1, ipstr,
INET_ADDRSTRLEN - 1, srvstr) < 4) {
...
But what you have is enough, so ACK to that.
Attachments:
- signature.asc (application/pgp-signature — 819 bytes)