Stefan Reinauer has submitted this change. ( https://review.coreboot.org/c/em100/+/37423 )
Change subject: curl.c: Limit version string length to buffer length ......................................................................
curl.c: Limit version string length to buffer length
To prevent a buffer overflow, specify the maximum length of the version string being parsed.
Signed-off-by: Stefan Reinauer stefan.reinauer@coreboot.org Change-Id: Id000154d4dd3137408302472b07b476933cc2d56 Reviewed-on: https://review.coreboot.org/c/em100/+/37423 Tested-by: build bot (Jenkins) no-reply@coreboot.org Reviewed-by: Patrick Georgi pgeorgi@google.com --- M curl.c 1 file changed, 2 insertions(+), 2 deletions(-)
Approvals: build bot (Jenkins): Verified Patrick Georgi: Looks good to me, approved
diff --git a/curl.c b/curl.c index 95bb05e..6895c62 100644 --- a/curl.c +++ b/curl.c @@ -147,7 +147,7 @@ goto download_all; }
- if (fscanf(old, "Time: %ld\nVersion: %s\n", + if (fscanf(old, "Time: %ld\nVersion: %255s\n", &old_time, old_version) != 2) printf("Parse error in %s.\n", my_version_name);
@@ -164,7 +164,7 @@ free(tmp_version); return 1; } - if (fscanf(new, "Time: %ld\nVersion: %s\n", + if (fscanf(new, "Time: %ld\nVersion: %255s\n", &new_time, new_version) != 2) printf("Parse error in upstream VERSION.\n"); fclose(new);