[prev in list] [next in list] [prev in thread] [next in thread]
List: lxc-devel
Subject: [lxc-devel] [PATCH] criu.c: protect from buffer overrun of version in fscanf()
From: wim.coekaerts () oracle ! com
Date: 2015-12-27 17:29:10
Message-ID: 1451237350-17236-1-git-send-email-wim.coekaerts () oracle ! com
[Download RAW message or body]
From: Wim Coekaerts <wim.coekaerts@oracle.com>
while highly unlikely to happen...
char version[1024];
fscanf(.. %[1024] .., version );
should leave room for null termination
Signed-off-by: Wim Coekaerts <wim.coekaerts@oracle.com>
---
src/lxc/criu.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/lxc/criu.c b/src/lxc/criu.c
index 0a0392f..6ef4905 100644
--- a/src/lxc/criu.c
+++ b/src/lxc/criu.c
@@ -315,7 +315,7 @@ static bool criu_version_ok()
return false;
}
- if (fscanf(f, "Version: %1024[^\n]s", version) != 1)
+ if (fscanf(f, "Version: %1023[^\n]s", version) != 1)
goto version_error;
if (fgetc(f) != '\n')
@@ -324,7 +324,7 @@ static bool criu_version_ok()
if (strcmp(version, CRIU_VERSION) >= 0)
goto version_match;
- if (fscanf(f, "GitID: v%1024[^-]s", version) != 1)
+ if (fscanf(f, "GitID: v%1023[^-]s", version) != 1)
goto version_error;
if (fgetc(f) != '-')
--
1.7.1
_______________________________________________
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic