Opened 3 years ago

Closed 3 years ago

#1546 closed defect (fixed)

Possible buffer overflow in smartctl.cpp

Reported by: aaelhaj Owned by: Christian Franke
Priority: major Milestone: Release 7.3
Component: smartctl Version:
Keywords: Cc:

Description

s buffer is allocated 8 bytes here:
https://www.smartmontools.org/browser/trunk/smartmontools/smartctl.cpp#L873

However, the corresponsing sscanf format specifier can be up to 10 bytes:
https://www.smartmontools.org/browser/trunk/smartmontools/smartctl.cpp#L874

Change History (2)

comment:1 by Christian Franke, 3 years ago

Milestone: Release 7.3
Owner: set to Christian Franke
Priority: minormajor
Status: newaccepted

Thanks for reporting this bug introduced in r4380.

Interestingly none of the tools we use (g++, clang++, cppcheck, LGTM) detected this.

Cppcheck apparently only detects:
char s[9]; sscanf(p, "%9s", s);
but not:
char s[9]; sscanf(p, "%9[a-z]", s)

comment:2 by Christian Franke, 3 years ago

Resolution: fixed
Status: acceptedclosed

Fixed in r5260, thanks again.

Note: See TracTickets for help on using tickets.