summaryrefslogtreecommitdiffstats
path: root/linux-user
diff options
context:
space:
mode:
authorPeter Maydell2019-02-05 18:42:07 +0100
committerLaurent Vivier2019-02-07 14:11:19 +0100
commit9d0bd0cdd011edf15949ecdf08c25d8385028983 (patch)
treeb229c629e598868272deb6e5888b2c9b2f085ed7 /linux-user
parentFix linux-user crashes in ioctl(SIOCGIFCONF) when ifc_buf is NULL. (diff)
downloadqemu-9d0bd0cdd011edf15949ecdf08c25d8385028983.tar.gz
qemu-9d0bd0cdd011edf15949ecdf08c25d8385028983.tar.xz
qemu-9d0bd0cdd011edf15949ecdf08c25d8385028983.zip
linux-user: Check sscanf return value in open_net_route()
Coverity warns (CID 1390634) that open_net_route() is not checking the return value from sscanf(), which means that it might then use values that aren't initialized. Errors here should in general not happen since we're passing an assumed-good /proc/net/route from the host kernel, but if we do fail to parse a line then just skip it in the output we pass to the guest. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Stefano Garzarella <sgarzare@redhat.com> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20190205174207.9278-1-peter.maydell@linaro.org> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Diffstat (limited to 'linux-user')
-rw-r--r--linux-user/syscall.c12
1 files changed, 9 insertions, 3 deletions
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 08acc4d860..5bbb72f3d5 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -6768,9 +6768,15 @@ static int open_net_route(void *cpu_env, int fd)
char iface[16];
uint32_t dest, gw, mask;
unsigned int flags, refcnt, use, metric, mtu, window, irtt;
- sscanf(line, "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n",
- iface, &dest, &gw, &flags, &refcnt, &use, &metric,
- &mask, &mtu, &window, &irtt);
+ int fields;
+
+ fields = sscanf(line,
+ "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n",
+ iface, &dest, &gw, &flags, &refcnt, &use, &metric,
+ &mask, &mtu, &window, &irtt);
+ if (fields != 11) {
+ continue;
+ }
dprintf(fd, "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n",
iface, tswap32(dest), tswap32(gw), flags, refcnt, use,
metric, tswap32(mask), mtu, window, irtt);