author | Kevin-Luong <39298548+Kevin-Luong@users.noreply.github.com> | 2021-01-29 08:31:38 +0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-01-29 10:31:38 +0900 |
commit | 43fda34be9c4c8311d9c7d6bdc2c23b04f155264 (patch) | |
tree | 019570a5bb6b28ff064e680001bf1810838f121e /src/shared/dlt_common.c | |
parent | b0a21ecb5e02be2556b186e1cb5bf85beaf79d7d (diff) | |
fscanf() uses dynamic formatting to prevent buffer overflow (#288)
CVE: CVE-2020-29394
Signed-off-by: KHANH LUONG HONG DUY <khanh.luonghongduy@vn.bosch.com>
Co-authored-by: KHANH LUONG HONG DUY <khanh.luonghongduy@vn.bosch.com>
Diffstat (limited to 'src/shared/dlt_common.c')
-rw-r--r-- | src/shared/dlt_common.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/src/shared/dlt_common.c b/src/shared/dlt_common.c
index f8aa746..5c28113 100644
--- a/src/shared/dlt_common.c
+++ b/src/shared/dlt_common.c
@@ -390,6 +390,7 @@ DltReturnValue dlt_filter_load(DltFilter *filter, const char *filename, int verb
 FILE *handle;
 char str1[DLT_COMMON_BUFFER_LENGTH];
 char apid[DLT_ID_SIZE], ctid[DLT_ID_SIZE];
+ char format[10];
 PRINT_FUNCTION_VERBOSE(verbose);
@@ -400,13 +401,15 @@ DltReturnValue dlt_filter_load(DltFilter *filter, const char *filename, int verb
 return DLT_RETURN_ERROR;
 }
+ sprintf(format, "%c%ds", '%', DLT_COMMON_BUFFER_LENGTH-1);
+ /* Reset filters */
 filter->counter = 0;
 while (!feof(handle)) {
 str1[0] = 0;
- if (fscanf(handle, "%254s", str1) != 1)
+ if (fscanf(handle, format, str1) != 1)
 break;
 if (str1[0] == 0)
@@ -421,7 +424,7 @@ DltReturnValue dlt_filter_load(DltFilter *filter, const char *filename, int verb
 str1[0] = 0;
- if (fscanf(handle, "%254s", str1) != 1)
+ if (fscanf(handle, format, str1) != 1)
 break;
 if (str1[0] == 0) |
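Review bot: `char format[10]` in the first hunk is sized by a magic number and is filled in the second hunk by an unbounded `sprintf`, so the fix for one overflow relies on `DLT_COMMON_BUFFER_LENGTH-1` never printing to more than seven digits ('%' + digits + 's' + NUL must fit in ten bytes). The removed `"%254s"` suggests the macro is 255 today, but nothing in these hunks enforces that if it is ever raised or made configurable. I would bound the write and check it: `int n = snprintf(format, sizeof(format), "%%%ds", DLT_COMMON_BUFFER_LENGTH - 1);` followed by `if (n < 0 || (size_t)n >= sizeof(format))` taking the function's error path (presumably closing `handle` first, since the open appears to happen above this point). The body of dlt_filter_load starts and ends outside the hunks shown.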
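Review bot: Both `fscanf(handle, format, str1)` calls, here and in the third hunk, now take a format string built at run time, so the compiler can no longer check the conversion against its argument (-Wformat), and the width is tied to the macro rather than to the array actually passed. Deriving the width from the destination keeps the two from drifting apart, e.g. build it from `(int)sizeof(str1) - 1`, or generate a string literal at compile time with a stringification macro so the call keeps a literal format. Note also that a bounded `%Ns` does not reject an over-long token; it splits it, and the remainder is returned by the next `fscanf` call. If the lines after this hunk treat consecutive reads as apid/ctid fields, a malformed filter file would shift the pairing, so a comment such as `/* tokens longer than the buffer are split by fscanf; such entries should be skipped */` or an explicit length check seems worth adding.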