Opened 18 months ago
Closed 18 months ago
#1546 closed defect (fixed)
Possible buffer overflow in smartctl.cpp
Reported by: | aaelhaj | Owned by: | Christian Franke |
---|---|---|---|
Priority: | major | Milestone: | Release 7.3 |
Component: | smartctl | Version: | |
Keywords: | | Cc: | |
Description
s buffer is allocated 8 bytes here:
https://www.smartmontools.org/browser/trunk/smartmontools/smartctl.cpp#L873
However, the corresponding sscanf format specifier can be up to 10 bytes:
https://www.smartmontools.org/browser/trunk/smartmontools/smartctl.cpp#L874
Change History (2)
comment:1 Changed 18 months ago by
Milestone: | → Release 7.3 |
---|---|
Owner: | set to Christian Franke |
Priority: | minor → major |
Status: | new → accepted |
comment:2 Changed 18 months ago by
Resolution: | → fixed |
---|---|
Status: | accepted → closed |
Fixed in r5260, thanks again.
Thanks for reporting this bug introduced in r4380.
Interestingly none of the tools we use (g++, clang++, cppcheck, LGTM) detected this.
Cppcheck apparently only detects:
char s[9]; sscanf(p, "%9s", s);
but not:
char s[9]; sscanf(p, "%9[a-z]", s);
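Added example, not part of the ticket or of smartmontools: a small C helper that computes how many bytes a `%Ns` or `%N[set]` conversion can store, so the two forms quoted in the comment above get the same check. The field width counts only the matched characters; the terminating NUL is written in addition. The function names `scanf_str_bytes` and `scanf_str_fits` are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>

/* Bytes the n-th (0-based) assigning %s or %[...] conversion in a scanf
 * format may write, counting the NUL that the field width leaves out.
 * SIZE_MAX: no width given (unbounded). 0: no such conversion.
 * Length modifiers such as %ls are not handled (narrow strings only). */
size_t scanf_str_bytes(const char *fmt, unsigned n)
{
    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        if (*++p == '%')
            continue;                  /* literal percent sign */
        int suppressed = (*p == '*');  /* %*s stores nothing */
        p += suppressed;
        size_t width = 0;
        int has_width = 0;
        for (; isdigit((unsigned char)*p); p++, has_width = 1)
            width = width * 10 + (size_t)(*p - '0');
        char conv = *p;
        if (conv == '[') {             /* skip the scanset up to its ']' */
            p++;
            if (*p == '^')
                p++;
            if (*p == ']')
                p++;                   /* a leading ']' is a set member */
            while (*p && *p != ']')
                p++;
        }
        if (*p == '\0')
            break;                     /* truncated or malformed format */
        if ((conv != 's' && conv != '[') || suppressed)
            continue;
        if (n-- == 0)
            return has_width ? width + 1 : SIZE_MAX;
    }
    return 0;
}

/* True when a destination of bufsize bytes can hold that conversion. */
int scanf_str_fits(const char *fmt, unsigned n, size_t bufsize)
{
    size_t need = scanf_str_bytes(fmt, n);
    return need != 0 && need <= bufsize;
}
```

For a `char s[9]` destination, `scanf_str_fits("%9[a-z]", 0, sizeof s)` is false and `scanf_str_fits("%8[a-z]", 0, sizeof s)` is true.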