From: Sebastien GODARD Date: Tue, 28 Feb 2023 07:57:40 +0000 (+0100) Subject: Specify field width when using sscanf() function X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e0a8844ba09acc7245da47b9bbc6e3e2fb866249;p=sysstat Specify field width when using sscanf() function This is to avoid possible crashes with huge input data. Signed-off-by: Sebastien GODARD --- diff --git a/count.c b/count.c index 83b80e0..b5f3aeb 100644 --- a/count.c +++ b/count.c @@ -259,7 +259,7 @@ __nr_t get_diskstats_dev_nr(int count_part, int only_used_dev) while (fgets(line, sizeof(line), fp) != NULL) { if (!count_part) { - i = sscanf(line, "%*d %*d %s %lu %*u %*u %*u %lu", + i = sscanf(line, "%*d %*d %127s %lu %*u %*u %*u %lu", dev_name, &rd_ios, &wr_ios); if ((i == 2) || !is_device(SLASH_SYS, dev_name, ACCEPT_VIRTUAL_DEVICES)) /* It was a partition and not a device */ diff --git a/ioconf.c b/ioconf.c index cf03236..98983ca 100644 --- a/ioconf.c +++ b/ioconf.c @@ -178,7 +178,7 @@ int ioc_init(void) memset(blkp, 0, BLK_CONFIG_SIZE); memset(iocp, 0, IOC_ENTRY_SIZE); - i = sscanf(buf, "%u:%u:%u:%s", + i = sscanf(buf, "%u:%u:%u:%63s", &major, &indirect, &iocp->ctrlno, desc); if (i != 4) { @@ -235,7 +235,7 @@ int ioc_init(void) /* maybe it's a full record? */ - i = sscanf(buf, "%u:%[^:]:%[^:]:%u:%[^:]:%u:%[^:]:%u:%s", + i = sscanf(buf, "%u:%[^:]:%[^:]:%u:%[^:]:%u:%[^:]:%u:%63s", &major, blkp->name, cfmt, &iocp->ctrlno, dfmt, &blkp->dcount, diff --git a/rd_stats.c b/rd_stats.c index dd5f427..577b0a9 100644 --- a/rd_stats.c +++ b/rd_stats.c @@ -832,7 +832,7 @@ __nr_t read_diskstats_io(struct stats_io *st_io) dc_ios = dc_sec = 0; if (sscanf(line, - "%u %u %s " + "%u %u %127s " "%lu %*u %lu %*u " "%lu %*u %lu %*u " "%*u %*u %*u " @@ -903,7 +903,7 @@ __nr_t read_diskstats_disk(struct stats_disk *st_disk, __nr_t nr_alloc, dc_ios = dc_sec = dc_ticks = 0; if (sscanf(line, - "%u %u %s " + "%u %u %127s " "%lu %*u %lu %u " "%lu %*u %lu %u " "%*u %u %u " 
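Review bot: The new width in `%127s` (count.c, get_diskstats_dev_nr) is a bare literal that must stay exactly one less than the size of `dev_name`, and that declaration is outside the hunk, so nothing ties the two together. The same applies to `%63s` for `desc` in both ioconf.c hunks, to `%127s` in read_diskstats_io and read_diskstats_disk, and to `%15s` for `interface` in read_net_dev and read_net_edev in rd_stats.c. If one of those arrays is later shrunk, the overflow this commit closes comes back without a compiler warning. I would put a comment beside each call, for example `/* width = sizeof(dev_name) - 1; update both together */`, or build the width from the macro that sizes the array. The function body starts and ends outside the hunk.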
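Review bot: In the second ioconf.c hunk (ioc_init, the full-record parse) only the trailing `%s` gains a width; the four `%[^:]` conversions are still unbounded. They fill `blkp->name`, `cfmt`, `dfmt` and a fourth destination that lies beyond the hunk's last line. A scanset without a width keeps writing until the next `:`, just as `%s` writes until whitespace, so an overlong field in `buf` can still run past those arrays. Each one needs its own limit, e.g. `"%u:%<N1>[^:]:%<N2>[^:]:%u:%<N3>[^:]:%u:%<N4>[^:]:%u:%63s"`, where each `<N>` is a placeholder for that destination's declared size minus one; the declarations are not visible here. The argument list of this sscanf() continues past the end of the hunk.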
@@ -1139,7 +1139,7 @@ __nr_t read_net_dev(struct stats_net_dev *st_net_dev, __nr_t nr_alloc)
 st_net_dev_i = st_net_dev + dev_read++;
 strncpy(iface, line, MINIMUM(pos, sizeof(iface) - 1));
 iface[MINIMUM(pos, sizeof(iface) - 1)] = '\0';
- sscanf(iface, "%s", st_net_dev_i->interface); /* Skip heading spaces */
+ sscanf(iface, "%15s", st_net_dev_i->interface); /* Skip heading spaces */
 sscanf(line + pos + 1, "%llu %llu %*u %*u %*u %*u %llu %llu %llu %llu "
 "%*u %*u %*u %*u %*u %llu",
 &st_net_dev_i->rx_bytes,
@@ -1262,7 +1262,7 @@ __nr_t read_net_edev(struct stats_net_edev *st_net_edev, __nr_t nr_alloc)
 st_net_edev_i = st_net_edev + dev_read++;
 strncpy(iface, line, MINIMUM(pos, sizeof(iface) - 1));
 iface[MINIMUM(pos, sizeof(iface) - 1)] = '\0';
- sscanf(iface, "%s", st_net_edev_i->interface); /* Skip heading spaces */
+ sscanf(iface, "%15s", st_net_edev_i->interface); /* Skip heading spaces */
 sscanf(line + pos + 1, "%*u %*u %llu %llu %llu %llu %*u %*u %*u %*u "
 "%llu %llu %llu %llu %llu",
 &st_net_edev_i->rx_errors,
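Review bot: The result of `sscanf(iface, "%15s", st_net_dev_i->interface)` in read_net_dev is still discarded, so when `iface` holds no non-blank characters the conversion fails and `interface` keeps whatever the slot held before; read_net_edev has the same call. By that point `dev_read++` has already claimed the slot, so the entry would be reported under a stale or empty name unless the caller clears the array, which the hunk does not show. Setting `st_net_dev_i->interface[0] = '\0';` just before the call (and the `st_net_edev_i` equivalent) makes that case deterministic. Both function bodies start and end outside their hunks.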