From patchwork Thu Feb 7 13:13:15 2019
X-Patchwork-Submitter: Laurent Vivier
X-Patchwork-Id: 157752
From: Laurent Vivier
To: qemu-devel@nongnu.org
Cc: Peter Maydell, Riku Voipio, Philippe Mathieu-Daudé, Laurent Vivier, Stefano Garzarella
Date: Thu, 7 Feb 2019 14:13:15 +0100
Message-Id: <20190207131316.2957-3-laurent@vivier.eu>
In-Reply-To: <20190207131316.2957-1-laurent@vivier.eu>
References: <20190207131316.2957-1-laurent@vivier.eu>
Subject: [Qemu-devel] [PULL v2 2/3] linux-user: Check sscanf return value in open_net_route()
From: Peter Maydell Coverity warns (CID 1390634) that open_net_route() is not checking the return value from sscanf(), which means that it might then use values that aren't initialized. Errors here should in general not happen since we're passing an assumed-good /proc/net/route from the host kernel, but if we do fail to parse a line then just skip it in the output we pass to the guest. Signed-off-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Stefano Garzarella Reviewed-by: Laurent Vivier Message-Id: <20190205174207.9278-1-peter.maydell@linaro.org> Signed-off-by: Laurent Vivier --- linux-user/syscall.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) -- 2.20.1 diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 08acc4d860..5bbb72f3d5 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -6768,9 +6768,15 @@ static int open_net_route(void *cpu_env, int fd) char iface[16]; uint32_t dest, gw, mask; unsigned int flags, refcnt, use, metric, mtu, window, irtt; - sscanf(line, "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n", - iface, &dest, &gw, &flags, &refcnt, &use, &metric, - &mask, &mtu, &window, &irtt); + int fields; + + fields = sscanf(line, + "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n", + iface, &dest, &gw, &flags, &refcnt, &use, &metric, + &mask, &mtu, &window, &irtt); + if (fields != 11) { + continue; + } dprintf(fd, "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n", iface, tswap32(dest), tswap32(gw), flags, refcnt, use, metric, tswap32(mask), mtu, window, irtt);
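Review bot: the sscanf() format in open_net_route() still reads the interface name with an unbounded %s into char iface[16]. The new fields != 11 check rejects short or malformed lines, but it runs after the conversion, so it cannot stop an over-long first token from writing past iface; giving the conversion a width (%15s) would keep the write inside the buffer even when a line is not what the host kernel normally emits. Separately, refcnt, use, metric and mtu are declared unsigned int but are scanned and printed with %d; %u would match the declarations. The silent continue matches the commit message, though a short comment at the check saying that unparseable lines are dropped from what the guest sees would help the next reader.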