diff options
author | Ildar Kamaletdinov <i.kamaletdinov@omp.ru> | 2022-04-01 15:16:45 +0300 |
---|---|---|
committer | Luiz Augusto von Dentz <luiz.von.dentz@intel.com> | 2022-04-04 09:41:59 -0700 |
commit | 1e664b9838cd84a921360806de084c749a60304b (patch) | |
tree | 47e3707221873870945e5ab537fecc6e494ea31a /tools/btmgmt.c | |
parent | 497a0b220dbdd9b10d0ba797645d327cd6cfb6e5 (diff) | |
download | bluez-1e664b9838cd84a921360806de084c749a60304b.tar.gz |
tools: Limit width of fields in sscanf
In tools/btmgmt.c and tools/hex2hcd.c few sscanf does not limit width
of fields. This could lead to static overflow and stack corruption.
Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.
Diffstat (limited to 'tools/btmgmt.c')
-rw-r--r-- | tools/btmgmt.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/tools/btmgmt.c b/tools/btmgmt.c index 42ef9acef..8f63f12ba 100644 --- a/tools/btmgmt.c +++ b/tools/btmgmt.c @@ -5164,7 +5164,7 @@ static bool str2pattern(struct mgmt_adv_pattern *pattern, const char *str) char pattern_str[62] = { 0 }; char tmp; - if (sscanf(str, "%2hhx%n:%2hhx%n:%s", &pattern->ad_type, &type_len, + if (sscanf(str, "%2hhx%n:%2hhx%n:%61s", &pattern->ad_type, &type_len, &pattern->offset, &offset_end_pos, pattern_str) != 3) return false; |