From ab07ddb8077321117deda8e16ac0cb09206c89c6 Mon Sep 17 00:00:00 2001 From: Noriko Hosoi Date: Mon, 14 Jul 2014 18:11:00 -0700 Subject: [PATCH] Ticket #47746 - ldap/servers/slapd/back-ldbm/dblayer.c: possible minor problem with sscanf Description: Warning in read_metadata (dblayer.c): > sscanf(thisline,"%[a-z]%c%s",attribute,&delimiter,value); (warning) scanf without field width limits can crash with huge input data. Adding the size of the buffer to the sscanf format. Thanks to dcb for reporting the bug and fix. Reviewed by nhosoi@redhat.com. --- ldap/servers/slapd/back-ldbm/dblayer.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ldap/servers/slapd/back-ldbm/dblayer.c b/ldap/servers/slapd/back-ldbm/dblayer.c index 4f38845..f3159a9 100644 --- a/ldap/servers/slapd/back-ldbm/dblayer.c +++ b/ldap/servers/slapd/back-ldbm/dblayer.c @@ -5302,7 +5302,7 @@ static int read_metadata(struct ldbminfo *li) nextline++; } } - sscanf(thisline,"%[a-z]%c%s",attribute,&delimiter,value); + sscanf(thisline,"%512[a-z]%c%128s",attribute,&delimiter,value); if (0 == strcmp("cachesize",attribute)) { priv->dblayer_previous_cachesize = strtoul(value, NULL, 10); } else if (0 == strcmp("ncache",attribute)) { -- 1.8.1.4