From: Laszlo Ersek <lersek@redhat.com>
To: Markus Armbruster <armbru@redhat.com>
Cc: aliguori@us.ibm.com, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH 7/7] smbios: Check R in -smbios type=0, release=R parses okay
Date: Thu, 06 Jun 2013 20:39:26 +0200
Message-ID: <51B0D75E.8000305@redhat.com>
In-Reply-To: <1370536046-15125-8-git-send-email-armbru@redhat.com>

On 06/06/13 18:27, Markus Armbruster wrote:
> Signed-off-by: Markus Armbruster <armbru@redhat.com>
> ---
>  hw/i386/smbios.c | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/i386/smbios.c b/hw/i386/smbios.c
> index 68bd6d0..88a1360 100644
> --- a/hw/i386/smbios.c
> +++ b/hw/i386/smbios.c
> @@ -140,7 +140,10 @@ static void smbios_build_type_0_fields(const char *t)
>                                       bios_release_date_str),
>                           buf, strlen(buf) + 1);
>      if (get_param_value(buf, sizeof(buf), "release", t)) {
> -        sscanf(buf, "%hhd.%hhd", &major, &minor);
> +        if (sscanf(buf, "%hhd.%hhd", &major, &minor) != 2) {
> +            error_report("Invalid release");
> +            exit(1);
> +        }
>          smbios_add_field(0, offsetof(struct smbios_type_0,
>                                       system_bios_major_release),
>                           &major, 1);
> 
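
Review bot: The added test sscanf(buf, "%hhd.%hhd", &major, &minor) != 2 only confirms that two conversions took place, so input with trailing characters after the minor number, or with a negative component, still passes, and nothing bounds the values to the single byte that smbios_add_field() is then given for system_bios_major_release. Consider parsing each component with strtoul() and checking both the end pointer and the range, or at least appending %n to the format and verifying that the whole of buf was consumed. The error_report("Invalid release") message would also be easier to act on if it echoed the rejected string.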

Right. OTOH if any of the decimal strings provided doesn't fit into the
space provided (eg. you pass "256" for an "unsigned char" which happens
to be uint8_t), the behavior is undefined anyway. sscanf() cannot be
used with "untrusted" data. ("... if the result of the conversion cannot
be represented in the space provided, the behavior is undefined.")

Reviewed-by: Laszlo Ersek <lersek@redhat.com>
