From patchwork Thu Feb 7 13:13:15 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Laurent Vivier X-Patchwork-Id: 1038061 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=vivier.eu Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 43wJkV5CBYz9s4V for ; Fri, 8 Feb 2019 00:17:06 +1100 (AEDT) Received: from localhost ([127.0.0.1]:39874 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1grjY7-00052m-Nk for incoming@patchwork.ozlabs.org; Thu, 07 Feb 2019 08:17:04 -0500 Received: from eggs.gnu.org ([209.51.188.92]:47240) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1grjV0-00033C-9G for qemu-devel@nongnu.org; Thu, 07 Feb 2019 08:13:51 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1grjUx-0006Q7-Nk for qemu-devel@nongnu.org; Thu, 07 Feb 2019 08:13:49 -0500 Received: from mout.kundenserver.de ([217.72.192.75]:58959) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1grjUx-0006Fv-DL for qemu-devel@nongnu.org; Thu, 07 Feb 2019 08:13:47 -0500 Received: from localhost.localdomain ([78.238.229.36]) by mrelayeu.kundenserver.de (mreue109 [212.227.15.183]) with ESMTPSA (Nemesis) id 1M2wCg-1goQ6e0tPY-003MNC; Thu, 07 Feb 2019 14:13:28 +0100 From: Laurent Vivier To: qemu-devel@nongnu.org Date: Thu, 7 Feb 2019 14:13:15 +0100 Message-Id: <20190207131316.2957-3-laurent@vivier.eu> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190207131316.2957-1-laurent@vivier.eu> References: <20190207131316.2957-1-laurent@vivier.eu> MIME-Version: 1.0 X-Provags-ID: V03:K1:N5Q3q/WGm2DHhhdeJSHbXUifAe5fw+4xxMpSGceZ7QRQ4+K2Qul MojolsylzZSr3VGNzPI708+CvpUxhECb0zt0mkgkCBXd3KllJVwZny3pqB1QtFzPyGssGmy Awpx9b3R95tfNbTCLpHytonklz6mUbBs7qyY7GOxIonrCSaqRWyIfnkwdEAdXWdZkuiFE27 HQ+EB4loq7+8ewu9mBGkQ== X-UI-Out-Filterresults: notjunk:1; V03:K0:T+Ik1Nlu6SM=:s5aoDS8NE8q3HY8HWptZk5 YhUdwJHDfrsLMlAR2BKmJFBotlddNMKXjV8u6vgl6Ez0YGy1CEqw3Z0gX6+Ddnuh1DV7PcFl1 VwH3duJeYU5vGQlHV39mjCgcVbcaqxRXmfJdQ023FMmxR/q7utX1khvyR2cR1i15xUYeVqaDs CAZAwhgYCi/pNvMCtDZrc7gd1xVP30x5ZjCbFB+va3YUz3dn+0AVrGjjnfn5JxJSEMMa2JbDw ljzUOuaZTGxO2TlShHN85JMWI/AcpKxt4Vs50PUGn955u7W2GgXTCmKWUXUTMUgtAPcqOEzMX H3xjCBF2AQRiDRjV+JaE0GVO3166ZolN7EEEnA5g4pdRd/RmC6+mrtuwDPshS9D5SX7bHxOgb ihC2JefiF7oSfT63NEDKsbvHfipCquThM9NSy5bpsnB2yFL0SqCA1RPAJbxpdoZOM9Ugd9AgQ 03RJg6VYOkKJlUPnFcYF+gvoK4XZdDgURq/8VRISx5LAOP9JLXdtpC2rjmgj9QPNbF3Lb0Pgn FwZRLbxB9Jw3nkUEP5ISD7gYRtJptwNnlGc6Gi1T7uaa6AKkSYFtfafhD4jh3hgai3UfYNkGH LeuVocinlTIkHm4CkdoAIHLurjxod2OWUd+lD5BYH92P5DfOS2TrdvCrvhpdoBUs6RafEkKF8 6uDVJVf1W/vlZw813gifzISfoSUW1NxwDBGWWuWc76yZ8aVQqHd85zYwjvkSRkFaxQqHD7FJ5 aEPmKUKIc03BAFEIbkMG6GI1wqvjXB9cCsgfR7O3lW2JTqI8PlL1LJshk9I= X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 217.72.192.75 Subject: [Qemu-devel] [PULL v2 2/3] linux-user: Check sscanf return value in open_net_route() X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Peter Maydell , Riku Voipio , =?utf-8?q?Philippe_Mathieu-Daud?= =?utf-8?b?w6k=?= , Laurent Vivier , Stefano Garzarella Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" From: Peter Maydell Coverity warns (CID 1390634) that open_net_route() is not checking the return value from sscanf(), which means that it might then use values that aren't initialized. Errors here should in general not happen since we're passing an assumed-good /proc/net/route from the host kernel, but if we do fail to parse a line then just skip it in the output we pass to the guest. Signed-off-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Stefano Garzarella Reviewed-by: Laurent Vivier Message-Id: <20190205174207.9278-1-peter.maydell@linaro.org> Signed-off-by: Laurent Vivier --- linux-user/syscall.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 08acc4d860..5bbb72f3d5 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -6768,9 +6768,15 @@ static int open_net_route(void *cpu_env, int fd) char iface[16]; uint32_t dest, gw, mask; unsigned int flags, refcnt, use, metric, mtu, window, irtt; - sscanf(line, "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n", - iface, &dest, &gw, &flags, &refcnt, &use, &metric, - &mask, &mtu, &window, &irtt); + int fields; + + fields = sscanf(line, + "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n", + iface, &dest, &gw, &flags, &refcnt, &use, &metric, + &mask, &mtu, &window, &irtt); + if (fields != 11) { + continue; + } dprintf(fd, "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n", iface, tswap32(dest), tswap32(gw), flags, refcnt, use, metric, tswap32(mask), mtu, window, irtt);