author | David Howells <dhowells@redhat.com> | 2014-01-15 15:07:06 +0000 |
---|---|---|
committer | David Howells <dhowells@redhat.com> | 2014-01-15 15:07:06 +0000 |
commit | 9d22b9b8be886b01d0e929d658b39afc729241eb (patch) | |
tree | 8bf0f391f0b07c3ae045197c4ef0c3954c28a036 | |
parent | 0a1ab5b7655a988a4b0b80f65f8f980dc94e1dd7 (diff) | |
download | keyutils-9d22b9b8be886b01d0e929d658b39afc729241eb.tar.gz |
Lib: Don't trust sscanf()'s %n argument
Don't trust sscanf()'s %n argument just in case the space immediately before
it didn't match anything as sscanf() doesn't tell you if it was set.
Signed-off-by: David Howells <dhowells@redhat.com>
-rw-r--r-- | keyutils.c | 3 |
1 files changed, 2 insertions, 1 deletions
@@ -472,9 +472,10 @@ key_serial_t find_key_by_type_and_desc(const char *type, const char *desc, if (*cp) *cp = '\0'; + ndesc = 0; n = sscanf(buf, "%x %*s %*u %*s %*x %*d %*d %s %n", &id, typebuf, &ndesc); - if (n == 2) { + if (n == 2 && ndesc > 0 && ndesc <= cp - buf) { if (strcmp(typebuf, type) != 0) continue; kdesc = buf + ndesc; |
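Review bot: the `%s` conversion in the sscanf() format still writes into typebuf with no field width, so the new `ndesc > 0 && ndesc <= cp - buf` check bounds the description offset but does nothing for the type copy, which happens before the `n == 2` test is reached. Consider giving `%s` a maximum field width of one less than the size of typebuf (its declaration is not visible in this hunk). A short comment next to `ndesc = 0;` would also help, noting that a `%n` store is not reflected in sscanf()'s return value, which is why the value is pre-zeroed and range-checked before `kdesc = buf + ndesc;` uses it.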