From: Simon Wilkinson
Date: Wed, 27 Feb 2013 09:21:30 +0000 (+0000)
Subject: pt_util: Catch sscanf failures
X-Git-Tag: upstream/1.6.10_pre1^2~168
X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=464ea3abdc46a31729cf8389fe8bba66706d65ae;p=packages%2Fo%2Fopenafs.git

pt_util: Catch sscanf failures

If there isn't sufficient data in the input line to satisfy sscanf, fail with an error, rather than continuing with potentially corrupt data.

Reviewed-on: http://gerrit.openafs.org/9295
Tested-by: BuildBot
Reviewed-by: Derrick Brashear
Reviewed-by: Jeffrey Altman
(cherry picked from commit 62a10e063b4fe6721bd9768611d5f0c13b303189)
Change-Id: I7b9cff1d106538496c6d554291710f73fd6b5370
Reviewed-on: http://gerrit.openafs.org/11022
Reviewed-by: Chas Williams - CONTRACTOR
Reviewed-by: Andrew Deason
Tested-by: BuildBot
Reviewed-by: Stephan Wiesand
---
diff --git a/src/ptserver/pt_util.c b/src/ptserver/pt_util.c
index 5e377bda2..ddbe22bde 100644
--- a/src/ptserver/pt_util.c
+++ b/src/ptserver/pt_util.c
@@ -249,7 +249,12 @@ CommandProc(struct cmd_syndesc *a_as, void *arock)
 char name[PR_MAXNAMELEN], mem[PR_MAXNAMELEN];
 if (isspace(*buffer)) {
- sscanf(buffer, "%s %d", mem, &uid);
+ code = sscanf(buffer, "%s %d", mem, &uid);
+ if (code != 2) {
+ fprintf(stderr,
+ "Insuffient data provided for group membership\n");
+ exit(1);
+ }
 for (u = usr_head; u; u = u->next)
 if (u->uid && u->uid == uid)
@@ -299,8 +304,13 @@ CommandProc(struct cmd_syndesc *a_as, void *arock)
 fprintf(stderr, "Error while adding %s to %s: %s\n", mem, name, afs_error_message(code));
 } else {
- sscanf(buffer, "%s %d/%d %d %d %d", name, &flags, "a, &id,
- &oid, &cid);
+ code = sscanf(buffer, "%s %d/%d %d %d %d", name, &flags, "a, &id,
+ &oid, &cid);
+ if (code != 6) {
+ fprintf(stderr,
+ "Insufficient data provided for user/group\n");
+ exit(1);
+ }
 if (FindByID(0, id))
 code = PRIDEXIST;
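Review bot: The `%s` conversions in both sscanf calls are still unbounded, so the new return-count check does not stop an over-long first token from being written past `mem` or `name`, which the first hunk shows declared as `char name[PR_MAXNAMELEN], mem[PR_MAXNAMELEN]`; the same applies to the `"%s %d/%d %d %d %d"` call in the second hunk. Whether this is reachable depends on the size of `buffer`, which is declared outside the hunks, but if a line can carry more than PR_MAXNAMELEN - 1 non-space characters the copy overruns the stack array before the count is ever tested. Giving each `%s` a field width one less than the array size, in the form `"%<PR_MAXNAMELEN-1>s %d"`, would bound the write and let the existing count check reject the line. Separately, the first message reads `Insuffient`; it should be `Insufficient`, matching the second hunk. CommandProc's body starts and ends outside both hunks.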