author | Tobias Stoeckmann | 2014-10-26 18:41:24 +0100 |
---|---|---|
committer | Karel Zak | 2014-11-18 11:38:21 +0100 |
commit | 6cbf75e56ef70f2213ae0c7f025289a176ed5039 (patch) | |
tree | 836809bcdd28bc6b2c66399075f58fde4e1f403d /sys-utils/lscpu.c | |
parent | libfdisk: fix partition names on GNU Hurd. (diff) | |
lscpu: theoretical buffer overflow

There is a theoretical buffer overflow possible in the hypervisor
parsing code of lscpu. It would require a proc entry to return way more
than expected so it's no high priority. But better be safe than sorry.

At first I thought about switching to fgets but there is another
code file that adds a format specifier. The diff is less intrusive
that way, too.

Signed-off-by: Karel Zak <kzak@redhat.com>

Diffstat (limited to 'sys-utils/lscpu.c')
-rw-r--r-- | sys-utils/lscpu.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys-utils/lscpu.c b/sys-utils/lscpu.c index ef5941088..c272dc238 100644 --- a/sys-utils/lscpu.c +++ b/sys-utils/lscpu.c @@ -621,7 +621,7 @@ read_hypervisor_powerpc(struct lscpu_desc *desc) fd = path_fopen("r", 0, _PATH_PROC_DEVICETREE "/ibm,partition-name"); if (fd) { char buf[256]; - if (fscanf(fd, "%s", buf) == 1 && !strcmp(buf, "full")) + if (fscanf(fd, "%255s", buf) == 1 && !strcmp(buf, "full")) desc->virtype = VIRT_NONE; fclose(fd); } @@ -757,7 +757,7 @@ read_hypervisor(struct lscpu_desc *desc, struct lscpu_modifier *mod) if (fd) { char buf[256]; - if (fscanf(fd, "%s", buf) == 1 && + if (fscanf(fd, "%255s", buf) == 1 && !strcmp(buf, "control_d")) dom0 = 1; fclose(fd); |
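
Review bot: in the read_hypervisor_powerpc hunk, the width in `%255s` is a magic number tied only by convention to the `char buf[256]` declared just above it; if the array is ever resized, the format string will not follow and the bound silently becomes wrong. Consider deriving the width from one shared constant that also sizes the buffer, or at least add a short comment stating that the width must stay at sizeof(buf) - 1. The `== 1` check and the strcmp against "full" keep their behaviour, since a token truncated at 255 characters cannot compare equal to a four-character string.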
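
Review bot: the read_hypervisor hunk repeats the same hand-written `%255s` beside a second `char buf[256]`, so the bound now has to be kept in sync in two places. A small helper that reads one whitespace-delimited token into a caller-supplied buffer of known size would cover both call sites. It would also help if the commit message said whether the other fscanf calls in this file were checked for an unbounded `%s`, since only these two are touched here. The comparison with "control_d" is unchanged in effect: an over-long token is truncated and simply fails the strcmp, leaving dom0 unset.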