Commit 9d0bd0cd authored Feb 05, 2019 by Peter Maydell Committed by Laurent Vivier Feb 07, 2019

linux-user: Check sscanf return value in open_net_route()



Coverity warns (CID 1390634) that open_net_route() is not
checking the return value from sscanf(), which means that
it might then use values that aren't initialized.

Errors here should in general not happen since we're passing
an assumed-good /proc/net/route from the host kernel, but
if we do fail to parse a line then just skip it in the output
we pass to the guest.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20190205174207.9278-1-peter.maydell@linaro.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>

parent 22e4a267

linux-user/syscall.c

+9 −3

Original line number	Diff line number	Diff line
		@@ -6768,9 +6768,15 @@ static int open_net_route(void *cpu_env, int fd)
		char iface[16];
		uint32_t dest, gw, mask;
		unsigned int flags, refcnt, use, metric, mtu, window, irtt;
		sscanf(line, "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n",
		int fields;

		fields = sscanf(line,
		"%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n",
		iface, &dest, &gw, &flags, &refcnt, &use, &metric,
		&mask, &mtu, &window, &irtt);
		if (fields != 11) {
		continue;
		}
		dprintf(fd, "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n",
		iface, tswap32(dest), tswap32(gw), flags, refcnt, use,
		metric, tswap32(mask), mtu, window, irtt);