author | gy741 <gy741.kim@gmail.com> | 2020-11-30 13:48:31 +0900 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-11-30 13:48:31 +0900 |
commit | ff4f44c159df6f44b48bd38c9d2f104eb360be11 (patch) | |
tree | 1a567b93cd5a4087234c72f738798159e2b8b2d7 /src/shared | |
parent | f093d547c2e4c68d0b7060f9accfc67784b7c06a (diff) | |
dlt_common: Fix buffer overflow in dlt_filter_load (#275)
A buffer overflow in the dlt_filter_load function in dlt_common.c in dlt-daemon allows arbitrary code execution via an unsafe usage of fscanf, because it does not limit the number of characters to be read in a format argument.
Fixed: #274
Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
Diffstat (limited to 'src/shared')
-rw-r--r-- | src/shared/dlt_common.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/shared/dlt_common.c b/src/shared/dlt_common.c
index 254f4ce..d15b1ce 100644
--- a/src/shared/dlt_common.c
+++ b/src/shared/dlt_common.c
@@ -404,7 +404,7 @@ DltReturnValue dlt_filter_load(DltFilter *filter, const char *filename, int verb
 while (!feof(handle)) {
 str1[0] = 0;
- if (fscanf(handle, "%s", str1) != 1)
+ if (fscanf(handle, "%254s", str1) != 1)
 break;
 if (str1[0] == 0)
@@ -419,7 +419,7 @@ DltReturnValue dlt_filter_load(DltFilter *filter, const char *filename, int verb
 str1[0] = 0;
- if (fscanf(handle, "%s", str1) != 1)
+ if (fscanf(handle, "%254s", str1) != 1)
 break;
 if (str1[0] == 0) |
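Review bot: The width `254` in both `fscanf(handle, "%254s", str1)` calls (the `@@ -404,7` hunk and the `@@ -419,7` hunk) is a bare literal that is only safe while `str1` holds at least 255 bytes, and the declaration of `str1` is outside both hunks, so nothing visible ties the two together. A compile-time guard next to the declaration, for example `_Static_assert(sizeof(str1) >= 255, "fscanf width must leave room for the NUL");`, or at least a comment `/* width must stay at sizeof(str1) - 1 */`, would keep a later resize from silently reintroducing the overflow. Separately, a token longer than 254 characters is now split rather than rejected, so its remainder is returned by the next `fscanf` call and would presumably be taken as the following field. Treating an over-long token as a malformed filter file and returning an error would be safer than loading a shifted filter set. dlt_filter_load starts and ends outside both hunks.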