Specify field width when using sscanf() function
authorSebastien GODARD <sysstat@users.noreply.github.com>
Tue, 28 Feb 2023 07:57:40 +0000 (08:57 +0100)
committerSebastien GODARD <sysstat@users.noreply.github.com>
Tue, 28 Feb 2023 07:57:40 +0000 (08:57 +0100)
This is to avoid possible crashes with huge input data.

Signed-off-by: Sebastien GODARD <sysstat@users.noreply.github.com>
count.c
ioconf.c
rd_stats.c

diff --git a/count.c b/count.c
index 83b80e028ac9fb77167f5cbe7a3692a2db62abf9..b5f3aeb99b502556af2646d11b108e78690ca3e5 100644 (file)
--- a/count.c
+++ b/count.c
@@ -259,7 +259,7 @@ __nr_t get_diskstats_dev_nr(int count_part, int only_used_dev)
        while (fgets(line, sizeof(line), fp) != NULL) {
 
                if (!count_part) {
-                       i = sscanf(line, "%*d %*d %s %lu %*u %*u %*u %lu",
+                       i = sscanf(line, "%*d %*d %127s %lu %*u %*u %*u %lu",
                                   dev_name, &rd_ios, &wr_ios);
                        if ((i == 2) || !is_device(SLASH_SYS, dev_name, ACCEPT_VIRTUAL_DEVICES))
                                /* It was a partition and not a device */
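Review bot: The width in `%127s` is a bare literal with nothing tying it to the size of `dev_name`, whose declaration is outside this hunk, so a later change to that buffer would silently reintroduce the overflow. A comment on the call such as `/* width must stay sizeof(dev_name) - 1 */`, or building the width from the buffer's size constant by stringification, would keep the two in step. The same applies to `%63s` for `desc` in both ioc_init() hunks and to `%127s` in read_diskstats_io() and read_diskstats_disk(). Also, an over-long name is now truncated rather than rejected, and the leftover characters make the following `%lu` fail, so `i` drops to 1 and is_device() is called with the truncated name; that looks harmless but is worth confirming.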
index cf0323615206e8ba03eabf3815671f3601b1948a..98983cab87240f2e9937c57b152c2e6bd9c97240 100644 (file)
--- a/ioconf.c
+++ b/ioconf.c
@@ -178,7 +178,7 @@ int ioc_init(void)
                memset(blkp, 0, BLK_CONFIG_SIZE);
                memset(iocp, 0, IOC_ENTRY_SIZE);
 
-               i = sscanf(buf, "%u:%u:%u:%s",
+               i = sscanf(buf, "%u:%u:%u:%63s",
                           &major, &indirect, &iocp->ctrlno, desc);
 
                if (i != 4) {
@@ -235,7 +235,7 @@ int ioc_init(void)
 
                /* maybe it's a full record? */
 
-               i = sscanf(buf, "%u:%[^:]:%[^:]:%u:%[^:]:%u:%[^:]:%u:%s",
+               i = sscanf(buf, "%u:%[^:]:%[^:]:%u:%[^:]:%u:%[^:]:%u:%63s",
                           &major, blkp->name,
                           cfmt, &iocp->ctrlno,
                           dfmt, &blkp->dcount,
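Review bot: The four `%[^:]` conversions in this format are still unbounded, because only the trailing `%s` received a width. An over-long colon-separated field in the configuration line can therefore still overrun `blkp->name`, `cfmt` or `dfmt`, and the fourth destination, which lies past the end of the hunk. Each should carry a width of its destination's size minus one, written as `%<N-1>[^:]` with N taken from the declarations, which are not visible here. The sscanf() argument list and the check on `i` continue outside the hunk.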
index dd5f4277bab1c2a0cc459d9cc3f7140eb2c1d88d..577b0a9056dfdfea651da0cd1f03bb8adc6a53c8 100644 (file)
@@ -832,7 +832,7 @@ __nr_t read_diskstats_io(struct stats_io *st_io)
                dc_ios = dc_sec = 0;
 
                if (sscanf(line,
-                          "%u %u %s "
+                          "%u %u %127s "
                           "%lu %*u %lu %*u "
                           "%lu %*u %lu %*u "
                           "%*u %*u %*u "
@@ -903,7 +903,7 @@ __nr_t read_diskstats_disk(struct stats_disk *st_disk, __nr_t nr_alloc,
                dc_ios = dc_sec = dc_ticks = 0;
 
                if (sscanf(line,
-                          "%u %u %s "
+                          "%u %u %127s "
                           "%lu %*u %lu %u "
                           "%lu %*u %lu %u "
                           "%*u %u %u "
@@ -1139,7 +1139,7 @@ __nr_t read_net_dev(struct stats_net_dev *st_net_dev, __nr_t nr_alloc)
                        st_net_dev_i = st_net_dev + dev_read++;
                        strncpy(iface, line, MINIMUM(pos, sizeof(iface) - 1));
                        iface[MINIMUM(pos, sizeof(iface) - 1)] = '\0';
-                       sscanf(iface, "%s", st_net_dev_i->interface); /* Skip heading spaces */
+                       sscanf(iface, "%15s", st_net_dev_i->interface); /* Skip heading spaces */
                        sscanf(line + pos + 1, "%llu %llu %*u %*u %*u %*u %llu %llu %llu %llu "
                               "%*u %*u %*u %*u %*u %llu",
                               &st_net_dev_i->rx_bytes,
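Review bot: The result of `sscanf(iface, "%15s", ...)` is still discarded, so when `iface` holds only blanks nothing is stored and `st_net_dev_i->interface` keeps whatever the slot held before; whether the slot is cleared beforehand is not visible in this hunk. Setting `st_net_dev_i->interface[0] = '\0';` before the call, or testing for a return of 1, would make that case explicit. The literal `15` also stands apart from the `sizeof(iface) - 1` bound used two lines above, so a comment tying it to the size of the `interface` field would help. Both points apply equally to the matching line in read_net_edev().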
@@ -1262,7 +1262,7 @@ __nr_t read_net_edev(struct stats_net_edev *st_net_edev, __nr_t nr_alloc)
                        st_net_edev_i = st_net_edev + dev_read++;
                        strncpy(iface, line, MINIMUM(pos, sizeof(iface) - 1));
                        iface[MINIMUM(pos, sizeof(iface) - 1)] = '\0';
-                       sscanf(iface, "%s", st_net_edev_i->interface); /* Skip heading spaces */
+                       sscanf(iface, "%15s", st_net_edev_i->interface); /* Skip heading spaces */
                        sscanf(line + pos + 1, "%*u %*u %llu %llu %llu %llu %*u %*u %*u %*u "
                               "%llu %llu %llu %llu %llu",
                               &st_net_edev_i->rx_errors,