From 424978302c7d5d0e03e54a6284c250e951ca694d Mon Sep 17 00:00:00 2001 From: Poornima G Date: Thu, 22 Nov 2018 21:41:37 +0530 Subject: Coverity fix for calling risky function - fscanf fscanf with %s reads a word, there is no restriction on the length of that word, and the caller is required to pass a sufficiently large buffer for storing thw word. If the input word exceeds the buffer size, it will cause buffer overflow. To fix this, use fscanf with width parameter. Width specifies the maximum number of characters to be read in the current reading operation. Change-Id: If250abf5eb637b9fc2a79047e3599f83254cd4e5 updates: bz#1193929 Signed-off-by: Poornima G
---
 libglusterfs/src/statedump.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'libglusterfs/src/statedump.c')
diff --git a/libglusterfs/src/statedump.c b/libglusterfs/src/statedump.c
index ed5cad5349b..bab95855935 100644
--- a/libglusterfs/src/statedump.c
+++ b/libglusterfs/src/statedump.c
@@ -89,19 +89,19 @@ gf_proc_dump_set_path(char *dump_options_file)
 if (!fp) goto out;
- ret = fscanf(fp, "%s", buf);
+ ret = fscanf(fp, "%255s", buf);
 while (ret != EOF) {
 key = strtok_r(buf, "=", &saveptr);
 if (!key) {
- ret = fscanf(fp, "%s", buf);
+ ret = fscanf(fp, "%255s", buf);
 continue;
 }
 value = strtok_r(NULL, "=", &saveptr);
 if (!value) {
- ret = fscanf(fp, "%s", buf);
+ ret = fscanf(fp, "%255s", buf);
 continue;
 }
 if (!strcmp(key, "path")) {
@@ -747,19 +747,19 @@ gf_proc_dump_options_init()
 // swallow the errors if setting statedump file path is failed.
 (void)gf_proc_dump_set_path(dump_option_file);
- ret = fscanf(fp, "%s", buf);
+ ret = fscanf(fp, "%255s", buf);
 while (ret != EOF) {
 key = strtok_r(buf, "=", &saveptr);
 if (!key) {
- ret = fscanf(fp, "%s", buf);
+ ret = fscanf(fp, "%255s", buf);
 continue;
 }
 value = strtok_r(NULL, "=", &saveptr);
 if (!value) {
- ret = fscanf(fp, "%s", buf);
+ ret = fscanf(fp, "%255s", buf);
 continue;
 }
-- cgit
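Review bot: The width in `fscanf(fp, "%255s", buf)` is a literal that has to stay in step with the size of `buf`, and the declaration of `buf` lies outside both hunks, so the bound cannot be confirmed from here; it is safe only if `buf` holds at least 256 bytes in gf_proc_dump_set_path and in gf_proc_dump_options_init. I would pin that next to each declaration with a comment such as `/* must hold 255 chars + NUL: see the "%255s" fscanf calls below */`, or derive the buffer size and the width from one named constant so the six call sites cannot drift. Separately, a word longer than 255 characters no longer overflows but is now silently split, and the remainder comes back from the next fscanf as a fresh token that goes through the same `key=value` parsing; presumably such an entry should be skipped and logged rather than interpreted. Both function bodies start and end outside the hunks.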