[Git][NTPsec/ntpsec][master] Check return values for sscanf. Fixes CID 135766 and CID 135765.
Eric S. Raymond
gitlab at mg.gitlab.com
Thu Feb 25 18:42:51 UTC 2016
Eric S. Raymond pushed to branch master at NTPsec / ntpsec
Commits:
aa01ef7e by Matt Selsky at 2016-02-25T12:58:35-05:00
Check return values for sscanf. Fixes CID 135766 and CID 135765.
- - - - -
1 changed file:
- ntpd/ntp_intercept.c
Changes:
=====================================
ntpd/ntp_intercept.c
=====================================
--- a/ntpd/ntp_intercept.c
+++ b/ntpd/ntp_intercept.c
@@ -698,7 +698,10 @@ static void lfpload(char *str, l_fp *fp)
{
uint64_t np;
- sscanf(str, "%" PRIu64, &np);
+ if (sscanf(str, "%" PRIu64, &np) != 1) {
+ fprintf(stderr, "ntpd: bad fp format at line %d\n", lineno);
+ exit(1);
+ }
(fp)->l_uf = (np) & 0xFFFFFFFF; \
(fp)->l_ui = (((np) >> FRACTION_PREC) & 0xFFFFFFFF); \
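Review bot: The new `!= 1` check in lfpload rejects only input with no leading digits; a value too large for `uint64_t` still passes, because the C standard leaves the result of a scanf conversion undefined when it cannot be represented. A stricter parse would be `errno = 0; np = strtoull(str, &end, 10);` followed by `if (end == str || errno == ERANGE) { ... }` with the same error path, which reports out-of-range input explicitly. Whether trailing characters after the number should also be rejected depends on what the caller passes in `str`, which this hunk does not show. The function body continues past the hunk and `lineno` is declared outside it.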
@@ -762,7 +765,10 @@ static size_t packet_parse(char *pktbuf, char *macbuf, struct pkt *pkt)
size_t i;
for (i = 0; i < strlen(macbuf)/2; i++) {
int hexval;
- sscanf(macbuf + 2*i, "%02x", &hexval);
+ if (sscanf(macbuf + 2*i, "%02x", &hexval) != 1) {
+ fprintf(stderr, "ntpd: bad hexval format at line %d\n", lineno);
+ exit(1);
+ }
pkt->exten[i] = hexval & 0xff;
++pktlen;
}
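Review bot: The loop in packet_parse writes `pkt->exten[i]` for every byte pair in `macbuf`, and nothing visible in this hunk limits `i` to the capacity of `exten`; unless the MAC length is capped elsewhere, an over-long hex string in the input would write past the packet structure. Assuming `exten` is a fixed-size array, the loop condition could become `i < strlen(macbuf)/2 && i < sizeof(pkt->exten) / sizeof(pkt->exten[0])`, or an over-long MAC could be rejected through the same error path. Separately, `%x` expects an `unsigned int *`, so `hexval` would be better declared as `unsigned int hexval;`. The function starts above the hunk, so an earlier length check may already exist there.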
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/aa01ef7e1677c7bc9bd7a1a3b5f96c7730d219a8