dlt_common: Fix buffer overflow in dlt_filter_load (#275)
A buffer overflow in the dlt_filter_load function in dlt_common.c in dlt-daemon allows arbitrary code execution via an unsafe usage of fscanf, because it does not limit the number of characters to be read in a format argument.

Fixed: #274

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
gy741 committed Nov 30, 2020
1 parent f093d54 commit ff4f44c
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions src/shared/dlt_common.c
Expand Up @@ -404,7 +404,7 @@ DltReturnValue dlt_filter_load(DltFilter *filter, const char *filename, int verb
while (!feof(handle)) {
str1[0] = 0;

if (fscanf(handle, "%s", str1) != 1)
if (fscanf(handle, "%254s", str1) != 1)
break;

if (str1[0] == 0)
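
Review bot: The width 254 in `fscanf(handle, "%254s", str1)` is a bare literal tied to the size of str1, whose declaration is outside this hunk. The bound only holds if str1 is at least 255 bytes (254 characters plus the terminating NUL), and it stops holding without any compiler warning if that buffer is ever resized. Consider deriving the width from the same constant used to declare str1 (for example through a stringifying macro), or at minimum add a comment next to the format string naming the buffer size it depends on.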
Expand All @@ -419,7 +419,7 @@ DltReturnValue dlt_filter_load(DltFilter *filter, const char *filename, int verb

str1[0] = 0;

if (fscanf(handle, "%s", str1) != 1)
if (fscanf(handle, "%254s", str1) != 1)
break;

if (str1[0] == 0)
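
Review bot: With the width cap on this second read, a token longer than 254 characters no longer overflows but is split silently: fscanf stores the first 254 characters and leaves the remainder in the stream, where the next `fscanf(handle, "%254s", str1)` call in the loop reads it as if it were a separate entry. Every following token in the filter file is then shifted by one position, so the loaded filter can differ from what the file specifies. Suggest treating a read that fills all 254 characters and is followed by a non-whitespace character as a malformed file (log it and return an error) instead of continuing, and covering that case with a test that uses an over-long token.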