tools: Limit width of fields in sscanf

In tools/btmgmt.c and tools/hex2hcd.c few sscanf does not limit width of fields. This could lead to static overflow and stack corruption. Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool.
author: Ildar Kamaletdinov <i.kamaletdinov@omp.ru> 2022-04-01 15:16:45 +0300
committer: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> 2022-04-04 09:41:59 -0700
commit: 1e664b9838cd84a921360806de084c749a60304b (patch)
tree: 47e3707221873870945e5ab537fecc6e494ea31a /tools/btmgmt.c
parent: 497a0b220dbdd9b10d0ba797645d327cd6cfb6e5 (diff)
download: bluez-1e664b9838cd84a921360806de084c749a60304b.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/tools/btmgmt.c b/tools/btmgmt.c
index 42ef9acef..8f63f12ba 100644
--- a/tools/btmgmt.c
+++ b/tools/btmgmt.c
@@ -5164,7 +5164,7 @@ static bool str2pattern(struct mgmt_adv_pattern *pattern, const char *str)
 	char pattern_str[62] = { 0 };
 	char tmp;
 
-	if (sscanf(str, "%2hhx%n:%2hhx%n:%s", &pattern->ad_type, &type_len,
+	if (sscanf(str, "%2hhx%n:%2hhx%n:%61s", &pattern->ad_type, &type_len,
 			&pattern->offset, &offset_end_pos, pattern_str) != 3)
 		return false;
author	Ildar Kamaletdinov <i.kamaletdinov@omp.ru>	2022-04-01 15:16:45 +0300
committer	Luiz Augusto von Dentz <luiz.von.dentz@intel.com>	2022-04-04 09:41:59 -0700
commit	1e664b9838cd84a921360806de084c749a60304b (patch)
tree	47e3707221873870945e5ab537fecc6e494ea31a /tools/btmgmt.c
parent	497a0b220dbdd9b10d0ba797645d327cd6cfb6e5 (diff)
download	bluez-1e664b9838cd84a921360806de084c749a60304b.tar.gz