]> granicus.if.org Git - procps-ng/commitdiff
0091-pmap: Check sscanf() in discover_shm_minor().
authorQualys Security Advisory <qsa@qualys.com>
Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)
committerCraig Small <csmall@enc.com.au>
Sat, 23 Jun 2018 11:59:14 +0000 (21:59 +1000)
Need at least 6 items ("inode" is unused).

Signed-off-by: Craig Small <csmall@enc.com.au>
pmap.c

diff --git a/pmap.c b/pmap.c
index 57d8f04ec201e5a8f21d983dcd3a80983be1838f..0868f9121976e2b399374ee0db0c5f8f990d6969 100644 (file)
--- a/pmap.c
+++ b/pmap.c
@@ -178,9 +178,9 @@ static void discover_shm_minor(void)
                unsigned long start, end;
                unsigned long long file_offset, inode;
                unsigned dev_major, dev_minor;
-               sscanf(mapbuf_b, "%lx-%lx %31s %llx %x:%x %llu", &start,
-                      &end, perms, &file_offset, &dev_major, &dev_minor,
-                      &inode);
+               if (sscanf(mapbuf_b, "%lx-%lx %31s %llx %x:%x %llu", &start,
+                      &end, perms, &file_offset, &dev_major, &dev_minor, &inode) < 6)
+            continue;
                tmp = strchr(mapbuf_b, '\n');
                if (tmp)
                        *tmp = '\0';