qemu-stable
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-stable] [PATCH 90/97] slirp: check sscanf result when emulating id

From: Michael Roth
Subject: [Qemu-stable] [PATCH 90/97] slirp: check sscanf result when emulating ident
Date: Mon, 1 Apr 2019 16:00:04 -0500 
From: William Bowling <address@hidden>

When emulating ident in tcp_emu, if the strchr checks passed but the
sscanf check failed, two uninitialized variables would be copied and
sent in the reply, so move this code inside the if(sscanf()) clause.

Signed-off-by: William Bowling <address@hidden>
Cc: address@hidden
Cc: address@hidden
Message-Id: <address@hidden>
Signed-off-by: Samuel Thibault <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
(cherry picked from commit d3222975c7d6cda9e25809dea05241188457b113)
Signed-off-by: Michael Roth <address@hidden>
---
 slirp/tcp_subr.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c
index 8d0f94b75f..473c8b04e6 100644
--- a/slirp/tcp_subr.c
+++ b/slirp/tcp_subr.c
@@ -662,12 +662,12 @@ tcp_emu(struct socket *so, struct mbuf *m)
                                                        break;
                                                }
                                        }
+                                       so_rcv->sb_cc = 
snprintf(so_rcv->sb_data,
+                                                                
so_rcv->sb_datalen,
+                                                                "%d,%d\r\n", 
n1, n2);
+                                       so_rcv->sb_rptr = so_rcv->sb_data;
+                                       so_rcv->sb_wptr = so_rcv->sb_data + 
so_rcv->sb_cc;
                                }
-                                so_rcv->sb_cc = snprintf(so_rcv->sb_data,
-                                                         so_rcv->sb_datalen,
-                                                         "%d,%d\r\n", n1, n2);
-                               so_rcv->sb_rptr = so_rcv->sb_data;
-                               so_rcv->sb_wptr = so_rcv->sb_data + 
so_rcv->sb_cc;
                        }
                        m_free(m);
                        return 0;
-- 
2.17.1
reply via email to
[Prev in Thread] Current Thread [Next in Thread]