summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlan Coopersmith <alan.coopersmith@oracle.com>2011-11-22 22:58:52 -0800
committerAlan Coopersmith <alan.coopersmith@oracle.com>2011-11-30 18:56:36 -0800
commitc358556c1badee4d8b75e23f1cd84abff393b6ac (patch)
treed27a6d896575bd8dac7995658ff4aaf41a17273e
parent24d38c420d5d60c988f07dd25f7fa81171dac64f (diff)
Add size limit to scanf string specifier
While it's tempting to just switch to fgets(), that would require implementing our own whitespace stripping to match the current scanf behavior. Fixes parfait static analysis warning: Error: Buffer overrun Buffer overflow (CWE 120): Use of fscanf(%s), with buffer 'buf' at line 135 of app/xsm/lock.c in function 'GetLockId'. [ This bug was found by the Parfait 0.3.7 bug checking tool. For more information see http://labs.oracle.com/projects/parfait/ ] Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
-rw-r--r--lock.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/lock.c b/lock.c
index 9a4553a..d51d09e 100644
--- a/lock.c
+++ b/lock.c
@@ -132,7 +132,7 @@ GetLockId(const char *session_name)
}
buf[0] = '\0';
- fscanf (fp, "%s\n", buf);
+ fscanf (fp, "%255s\n", buf);
ret = XtNewString (buf);
fclose (fp);