author: David Malcolm <dmalcolm@redhat.com> 2013-01-15 14:44:49 -0500
committer: David Malcolm <dmalcolm@redhat.com> 2013-01-15 14:44:49 -0500
commit: d134c6c5c5f740407fa8244b6a0b94fc50924986
tree: 37cf232f398efb8aea719ce801b2f3d661a355d0 /python-ethtool
parent: 7c4d887595622d23d6f84b774494c140a8a782c0
Fix buffer overflow in get_module()

get_module() includes this scanf call:

    if (sscanf(buf, "%*d\t%*s\t%100s\t%*d\t%100s\n", driver, dev) > 0) {

i.e. "%100s" for each of driver and dev. i.e. a maximum field width of 100 for each.

However, this field width does not include the NUL terminator.

Increase the size of driver and dev from 100 to 101 to allow for the NUL byte.

This appears to have been present in the initial commit of the code (8d6ad996f5d60d569532cdba4febb19c69bdf488)

Found by Braňo Náter using the "cppcheck" static analyzer.

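The field-width rule described in the commit message, as an added C example (not code from python-ethtool): the buffer size and the `%Ns` width come from one constant, and a line counts as parsed only when both fields convert. `FIELD_MAX`, `struct module_line`, `parse_module_line`, `stored_driver_len` and the sample lines are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 100            /* characters per token, as in "%100s" */
#define STR_(x) #x
#define STR(x) STR_(x)
/* Same layout as the format quoted in the commit message, with the
 * width generated from FIELD_MAX instead of being typed twice. */
#define LINE_FMT "%*d\t%*s\t%" STR(FIELD_MAX) "s\t%*d\t%" STR(FIELD_MAX) "s\n"

struct module_line {             /* hypothetical holder for the two fields */
    char driver[FIELD_MAX + 1];  /* +1: %Ns stores up to N chars plus a NUL */
    char dev[FIELD_MAX + 1];
};

/* Returns 1 only when both driver and dev were converted. */
int parse_module_line(const char *buf, struct module_line *out)
{
    memset(out, 0, sizeof(*out));
    return sscanf(buf, LINE_FMT, out->driver, out->dev) == 2;
}

/* Parses a constructed line whose driver token is `len` bytes long.
 * Returns the stored driver length, or -1 if the line is rejected. */
int stored_driver_len(size_t len)
{
    char token[256], line[512];
    struct module_line m;

    if (len == 0 || len >= sizeof(token))
        return -1;
    memset(token, 'A', len);
    token[len] = '\0';
    snprintf(line, sizeof(line), "1\tx\t%s\t2\teth0\n", token);
    return parse_module_line(line, &m) ? (int)strlen(m.driver) : -1;
}

int main(void)
{
    /* 100 characters are stored, so the NUL lands in byte index 100. */
    printf("len 100 -> %d stored\n", stored_driver_len(100));
    /* An overlong token stops after 100 characters; the following %*d
     * then fails to match, so the line is rejected, not truncated. */
    printf("len 150 -> %d\n", stored_driver_len(150));
    return 0;
}
```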
Diffstat (limited to 'python-ethtool')
-rw-r--r-- python-ethtool/ethtool.c 2
1 files changed, 1 insertions, 1 deletions
diff --git a/python-ethtool/ethtool.c b/python-ethtool/ethtool.c
index b3fc65b..b31f609 100644
--- a/python-ethtool/ethtool.c
+++ b/python-ethtool/ethtool.c
@@ -500,7 +500,7 @@ static PyObject *get_module(PyObject *self __unused, PyObject *args)
int eno = errno;
FILE *file;
int found = 0;
- char driver[100], dev[100];
+ char driver[101], dev[101];
close(fd);
/* Before bailing, maybe it is a PCMCIA/PC Card? */
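Review bot: The new size in `char driver[101], dev[101];` is only correct because the sscanf format elsewhere in get_module() uses "%100s", and nothing on this line ties the two numbers together. Consider one named constant, with the arrays declared as that constant plus one and the format width built from the same constant, or at least a comment here saying the extra byte is for the NUL that "%100s" appends, so that a later change to either number does not reintroduce the overflow. Separately, the sscanf call quoted in the commit message tests `> 0`, which also accepts a line where only driver was converted and dev was never written; comparing the return value against 2 would be stricter.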