External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-07-07 18:35:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

nwfilter: Fix sscanf off-by-one error in virNWFilterSnoopLeaseFileLoad

Browse Source 
We allocate 16 bytes for IPv4 address and 55 bytes for interface
key, therefore we should read up to 15/54 bytes and let the last byte
reserved for terminating null byte in sscanf.

https://bugzilla.redhat.com/show_bug.cgi?id=1226400
This commit is contained in:
Erik Skultety 2015-06-02 09:25:04 +02:00
parent f88750b931
commit 152e315433
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/nwfilter/nwfilter_dhcpsnoop.c
View File

@ -1958,8 +1958,8 @@ virNWFilterSnoopLeaseFileLoad(void)
break;
}
ln++;
/* key len 55 = "VMUUID"+'-'+"MAC" */
if (sscanf(line, "%u %55s %16s %16s", &ipl.timeout,
/* key len 54 = "VMUUID"+'-'+"MAC" */
if (sscanf(line, "%u %54s %15s %15s", &ipl.timeout,
ifkey, ipstr, srvstr) < 4) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("virNWFilterSnoopLeaseFileLoad lease file "