diff options
author | Peter Maydell <peter.maydell@linaro.org> | 2019-02-05 17:42:07 +0000 |
---|---|---|
committer | Laurent Vivier <laurent@vivier.eu> | 2019-02-07 14:11:19 +0100 |
commit | 9d0bd0cdd011edf15949ecdf08c25d8385028983 (patch) | |
tree | b229c629e598868272deb6e5888b2c9b2f085ed7 | |
parent | 22e4a267a6627e5b5b1b13bfc1b92445775704be (diff) |
linux-user: Check sscanf return value in open_net_route()
Coverity warns (CID 1390634) that open_net_route() is not
checking the return value from sscanf(), which means that
it might then use values that aren't initialized.
Errors here should in general not happen since we're passing
an assumed-good /proc/net/route from the host kernel, but
if we do fail to parse a line then just skip it in the output
we pass to the guest.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20190205174207.9278-1-peter.maydell@linaro.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
-rw-r--r-- | linux-user/syscall.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 08acc4d860..5bbb72f3d5 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -6768,9 +6768,15 @@ static int open_net_route(void *cpu_env, int fd) char iface[16]; uint32_t dest, gw, mask; unsigned int flags, refcnt, use, metric, mtu, window, irtt; - sscanf(line, "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n", - iface, &dest, &gw, &flags, &refcnt, &use, &metric, - &mask, &mtu, &window, &irtt); + int fields; + + fields = sscanf(line, + "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n", + iface, &dest, &gw, &flags, &refcnt, &use, &metric, + &mask, &mtu, &window, &irtt); + if (fields != 11) { + continue; + } dprintf(fd, "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n", iface, tswap32(dest), tswap32(gw), flags, refcnt, use, metric, tswap32(mask), mtu, window, irtt); |