[PATCH] ipmaddr: Add check for result of sscanf

[PATCH] ipmaddr: Add check for result of sscanf

[Maks Mishin]

Added comparison of result sscanf with 2 to avoid
potential troubles with args of sscanf.
Found by RASU JSC.

Signed-off-by: Maks Mishin <maks.mishinFZ@gmail.com>
---
 ip/ipmaddr.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ip/ipmaddr.c b/ip/ipmaddr.c
index 2418b303..00e91004 100644
--- a/ip/ipmaddr.c
+++ b/ip/ipmaddr.c
@@ -148,7 +148,9 @@ static void read_igmp(struct ma_info **result_p)
 		if (buf[0] != '\t') {
 			size_t len;
 
-			sscanf(buf, "%d%s", &m.index, m.name);
+			if (sscanf(buf, "%d%s", &m.index, m.name) != 2)
+				return;
+
 			len = strlen(m.name);
 			if (m.name[len - 1] == ':')
 				m.name[len - 1] = '\0';
-- 
2.30.2

Re: [PATCH] ipmaddr: Add check for result of sscanf

[Stephen Hemminger]

On Sun, 18 Feb 2024 23:42:03 +0300
Maks Mishin <maks.mishinfz@gmail.com> wrote:

> Added comparison of result sscanf with 2 to avoid
> potential troubles with args of sscanf.
> Found by RASU JSC.
> 
> Signed-off-by: Maks Mishin <maks.mishinFZ@gmail.com>
> ---
>  ip/ipmaddr.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/ip/ipmaddr.c b/ip/ipmaddr.c
> index 2418b303..00e91004 100644
> --- a/ip/ipmaddr.c
> +++ b/ip/ipmaddr.c
> @@ -148,7 +148,9 @@ static void read_igmp(struct ma_info **result_p)
>  		if (buf[0] != '\t') {
>  			size_t len;
>  
> -			sscanf(buf, "%d%s", &m.index, m.name);
> +			if (sscanf(buf, "%d%s", &m.index, m.name) != 2)
> +				return;
> +

You didn't look at surrounding code.
That will leak the file descriptor.
Please review you patches more carefully.

This is reading from kernel /proc/net/igmp. And the ABI for that is
stable so not a serious concern. It would be good if this was available
over better API like netlink, but few users get into the weed of multicast.