
usbip: Fix sscanf handling

Scan only to the length permitted by the buffer

One of a set of sscanf problems noted by Jackie Chang

Signed-off-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Alan 11 years ago
parent
commit
2d32927127

+ 1 - 1
drivers/staging/usbip/userspace/libsrc/usbip_common.c

@@ -165,7 +165,7 @@ int read_attr_speed(struct sysfs_device *dev)
 		goto err;
 	}
 
-	ret = sscanf(attr->value, "%s\n", speed);
+	ret = sscanf(attr->value, "%99s\n", speed);
 	if (ret < 1) {
 		dbg("sscanf failed");
 		goto err;
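Review bot: The width in `"%99s\n"` is a bare literal, and nothing in the code ties it to the size of `speed`, whose declaration lies outside this hunk; if that buffer is ever resized, the format will no longer match it and the overflow can return unnoticed. A comment on the call such as `/* width must equal sizeof(speed) - 1 */` would document the coupling, assuming `speed` is a fixed-size array. The same applies to `"%31s"` in `parse_status` in vhci_driver.c, where the width presumably mirrors `SYSFS_BUS_ID_SIZE - 1` but is written as a separate constant. Input longer than the width is now truncated silently rather than rejected, which is worth noting for whoever later compares the scanned string.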

+ 1 - 1
drivers/staging/usbip/userspace/libsrc/vhci_driver.c

@@ -72,7 +72,7 @@ static int parse_status(char *value)
 		unsigned long socket;
 		char lbusid[SYSFS_BUS_ID_SIZE];
 
-		ret = sscanf(c, "%d %d %d %x %lx %s\n",
+		ret = sscanf(c, "%d %d %d %x %lx %31s\n",
 				&port, &status, &speed,
 				&devid, &socket, lbusid);