pt_util: Catch sscanf failures
authorSimon Wilkinson <sxw@your-file-system.com>
Wed, 27 Feb 2013 09:21:30 +0000 (09:21 +0000)
committerStephan Wiesand <stephan.wiesand@desy.de>
Tue, 3 Jun 2014 16:21:14 +0000 (12:21 -0400)
If there isn't sufficient data in the input line to satisfy sscanf,
fail with an error, rather than continuing with potentially corrupt
data.

Reviewed-on: http://gerrit.openafs.org/9295
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 62a10e063b4fe6721bd9768611d5f0c13b303189)

Change-Id: I7b9cff1d106538496c6d554291710f73fd6b5370
Reviewed-on: http://gerrit.openafs.org/11022
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
src/ptserver/pt_util.c

index 5e377bda214d874e7af09e16ec9dbf366f16d3e4..ddbe22bde4f9ec0c3e5d8ceff7704fd52d8cbcda 100644 (file)
@@ -249,7 +249,12 @@ CommandProc(struct cmd_syndesc *a_as, void *arock)
            char name[PR_MAXNAMELEN], mem[PR_MAXNAMELEN];
 
            if (isspace(*buffer)) {
-               sscanf(buffer, "%s %d", mem, &uid);
+               code = sscanf(buffer, "%s %d", mem, &uid);
+               if (code != 2) {
+                   fprintf(stderr,
+                           "Insuffient data provided for group membership\n");
+                   exit(1);
+               }
 
                for (u = usr_head; u; u = u->next)
                    if (u->uid && u->uid == uid)
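Review bot: The `%s` conversions in both new sscanf calls are still unbounded, so an over-long token overflows `mem` here, and `name` in the second hunk, before the new return-count check runs; both are declared `char [PR_MAXNAMELEN]` at the top of this hunk. Unless `buffer` is known to be no larger than PR_MAXNAMELEN (its declaration is outside the hunk), each `%s` should carry an explicit field width of PR_MAXNAMELEN - 1, e.g. `code = sscanf(buffer, "%<N>s %d", mem, &uid);` with `<N>` standing for that literal value. The new message also misspells "Insufficient" as `Insuffient`. CommandProc's body starts and ends outside the hunk.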
@@ -299,8 +304,13 @@ CommandProc(struct cmd_syndesc *a_as, void *arock)
                    fprintf(stderr, "Error while adding %s to %s: %s\n", mem,
                            name, afs_error_message(code));
            } else {
-               sscanf(buffer, "%s %d/%d %d %d %d", name, &flags, &quota, &id,
-                      &oid, &cid);
+               code = sscanf(buffer, "%s %d/%d %d %d %d", name, &flags, &quota, &id,
+                             &oid, &cid);
+               if (code != 6) {
+                   fprintf(stderr,
+                           "Insufficient data provided for user/group\n");
+                   exit(1);
+               }
 
                if (FindByID(0, id))
                    code = PRIDEXIST;
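Review bot: The new failure path exits without saying which input line was rejected, which makes a bad record in a large input file hard to find. Echoing the line would help, e.g. `fprintf(stderr, "Insufficient data provided for user/group: %s", buffer);` (add a newline if `buffer` does not keep its own). A return of 6 also does not rule out trailing junk after the last field, and sscanf does not report an out-of-range value for `%d`, so strict validation of these ids would need strtol-style parsing with range checks. The else-branch continues past the end of the hunk.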