Fix 2 dc stream buffer
To meet requirements of Common Criteria certification vulnerablility assessment. Static code analysis has been run and found the following Error: DC.STREAM_BUFFER (CWE-120): [#def46] mdadm-4.2: dont_call: "fscanf" assumes an arbitrarily long string, so callers must use correct precision specifiers or never use "fscanf". The change is to define a value for string %s. V2: Tighten the value in policy.c to match the limit of the metadata. Add a change to policy_save_path() to use correct precision on the fscanf call. Signed-off-by: Nigel Croxon <ncroxon@redhat.com> Signed-off-by: Jes Sorensen <jsorensen@fb.com>
This commit is contained in:
parent
d64a37b9bf
commit
1c66260df6
|
@ -359,7 +359,7 @@ static int check_one_sharer(int scan)
|
|||
"/proc/%d/comm", pid);
|
||||
comm_fp = fopen(comm_path, "r");
|
||||
if (comm_fp) {
|
||||
if (fscanf(comm_fp, "%s", comm) &&
|
||||
if (fscanf(comm_fp, "%19s", comm) &&
|
||||
strncmp(basename(comm), Name, strlen(Name)) == 0) {
|
||||
if (scan) {
|
||||
pr_err("Only one autorebuild process allowed in scan mode, aborting\n");
|
||||
|
|
4
policy.c
4
policy.c
|
@ -761,7 +761,7 @@ void policy_save_path(char *id_path, struct map_ent *array)
|
|||
return;
|
||||
}
|
||||
|
||||
if (fprintf(f, "%s %08x:%08x:%08x:%08x\n",
|
||||
if (fprintf(f, "%20s %08x:%08x:%08x:%08x\n",
|
||||
array->metadata,
|
||||
array->uuid[0], array->uuid[1],
|
||||
array->uuid[2], array->uuid[3]) <= 0)
|
||||
|
@ -784,7 +784,7 @@ int policy_check_path(struct mdinfo *disk, struct map_ent *array)
|
|||
if (!f)
|
||||
continue;
|
||||
|
||||
rv = fscanf(f, " %s %x:%x:%x:%x\n",
|
||||
rv = fscanf(f, " %20s %x:%x:%x:%x\n",
|
||||
array->metadata,
|
||||
array->uuid,
|
||||
array->uuid+1,
|
||||
|
|
Loading…
Reference in New Issue