(from parent 1: 690b2eb)
Valgrind complains that we're passing an uninitialized buffer to sscanf
here. The main problem seems to be that we're not ensuring that the
buffer is NULL terminated before we pass it off.

This is the second version of this patch, the first one did not increase
the buffer allocation by 1 which could have led to clobbering the next
byte on the stack if nbytes == INFOBUFLEN.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
read_service_info(char *info_file_name, char **servicename, char **servername,
int *prog, int *vers, char **protocol, int *port) {
#define INFOBUFLEN 256
read_service_info(char *info_file_name, char **servicename, char **servername,
int *prog, int *vers, char **protocol, int *port) {
#define INFOBUFLEN 256
+ char buf[INFOBUFLEN + 1];
static char dummy[128];
int nbytes;
static char service[128];
static char dummy[128];
int nbytes;
static char service[128];
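Review bot: the `+ 1` in `char buf[INFOBUFLEN + 1];` is only safe while the read length further down stays at exactly INFOBUFLEN, and nothing in the declaration ties the two together. Either pass `sizeof(buf) - 1` as the read length or add a short comment on the declaration saying the extra byte is reserved for the terminator, so a later change to one size cannot silently reintroduce the off-by-one the commit message describes.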
if ((nbytes = read(fd, buf, INFOBUFLEN)) == -1)
goto fail;
close(fd);
if ((nbytes = read(fd, buf, INFOBUFLEN)) == -1)
goto fail;
close(fd);
numfields = sscanf(buf,"RPC server: %127s\n"
"service: %127s %15s version %15s\n"
numfields = sscanf(buf,"RPC server: %127s\n"
"service: %127s %15s version %15s\n"
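Review bot: between `close(fd);` and the `sscanf(buf, ...)` call, no line in this view writes a terminator at `buf[nbytes]`, yet the commit message names the missing termination as the main problem. Please confirm the change contains that assignment after the read, because the larger buffer on its own still leaves sscanf scanning past the bytes that read() returned. Separately, the `goto fail` on a read error is taken before `close(fd)`, so it is worth checking that the fail path closes the descriptor.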