authorKevin-Luong <39298548+Kevin-Luong@users.noreply.github.com>2021-01-29 08:31:38 +0700
committerGitHub <noreply@github.com>2021-01-29 10:31:38 +0900
commit43fda34be9c4c8311d9c7d6bdc2c23b04f155264 (patch)
tree019570a5bb6b28ff064e680001bf1810838f121e
parentb0a21ecb5e02be2556b186e1cb5bf85beaf79d7d (diff)
downloadDLT-daemon-43fda34be9c4c8311d9c7d6bdc2c23b04f155264.tar.gz
fscanf() uses dynamic formatting to prevent buffer overflow (#288)
CVE: CVE-2020-29394 Signed-off-by: KHANH LUONG HONG DUY <khanh.luonghongduy@vn.bosch.com> Co-authored-by: KHANH LUONG HONG DUY <khanh.luonghongduy@vn.bosch.com>
-rw-r--r--src/shared/dlt_common.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/src/shared/dlt_common.c b/src/shared/dlt_common.c
index f8aa746..5c28113 100644
--- a/src/shared/dlt_common.c
+++ b/src/shared/dlt_common.c
@@ -390,6 +390,7 @@ DltReturnValue dlt_filter_load(DltFilter *filter, const char *filename, int verb
FILE *handle;
char str1[DLT_COMMON_BUFFER_LENGTH];
char apid[DLT_ID_SIZE], ctid[DLT_ID_SIZE];
+ char format[10];
PRINT_FUNCTION_VERBOSE(verbose);
@@ -400,13 +401,15 @@ DltReturnValue dlt_filter_load(DltFilter *filter, const char *filename, int verb
return DLT_RETURN_ERROR;
}
+ sprintf(format, "%c%ds", '%', DLT_COMMON_BUFFER_LENGTH-1);
+
/* Reset filters */
filter->counter = 0;
while (!feof(handle)) {
str1[0] = 0;
- if (fscanf(handle, "%254s", str1) != 1)
+ if (fscanf(handle, format, str1) != 1)
break;
if (str1[0] == 0)
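Review bot: The `sprintf` that builds `format` is itself unbounded. `char format[10]` from the first hunk holds `%`, at most seven digits, `s` and the terminator, and nothing ties that size to DLT_COMMON_BUFFER_LENGTH, so the write is safe only while that constant stays small. I would write `snprintf(format, sizeof(format), "%%%ds", DLT_COMMON_BUFFER_LENGTH - 1);` and return DLT_RETURN_ERROR on a negative or truncated result before entering the loop. Both `fscanf` calls (here and in the last hunk) now take a run-time format, which drops the compiler's format checking, so a comment such as `/* width is sizeof(str1) - 1 so %s cannot write past str1 */` above the call would record the invariant. The body of dlt_filter_load starts and ends outside these hunks, so how `str1` is later copied into `apid`/`ctid` cannot be checked from here.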
@@ -421,7 +424,7 @@ DltReturnValue dlt_filter_load(DltFilter *filter, const char *filename, int verb
str1[0] = 0;
- if (fscanf(handle, "%254s", str1) != 1)
+ if (fscanf(handle, format, str1) != 1)
break;
if (str1[0] == 0)