[Dovecot] dovecot patch: do scanf correctly
Jann Horn
jann at thejh.net
Sun Nov 24 08:05:45 EET 2013
As far as I can tell, there are two places in which dovecot does not use scanf
properly. This patch should fix that.
--------------------------------------------------------------------------------
diff -r 8a3d0426f514 src/lib-dns/dns-lookup.c
--- a/src/lib-dns/dns-lookup.c Sat Nov 23 23:22:09 2013 +0000
+++ b/src/lib-dns/dns-lookup.c Sun Nov 24 06:30:12 2013 +0100
@@ -102,7 +102,7 @@
}
/* first line: <ret> <ip count> */
if (sscanf(line, "%d %u", &result->ret,
- &result->ips_count) == 0)
+ &result->ips_count) != 2)
return -1;
if (result->ret != 0) {
result->error = net_gethosterror(result->ret);
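Review bot: In the `sscanf(line, "%d %u", ...)` check, `!= 2` now rejects empty and one-field lines, but `%u` still accepts a leading minus sign, so a count of "-1" is stored as a very large `ips_count`. Out-of-range digits are also undefined behaviour for the scanf family. Nothing in the visible lines bounds `ips_count`, so consider parsing both fields with strtol/strtoul, checking the end pointer and errno, and capping the count before it is used.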
diff -r 8a3d0426f514 src/lib-settings/settings.c
--- a/src/lib-settings/settings.c Sat Nov 23 23:22:09 2013 +0000
+++ b/src/lib-settings/settings.c Sun Nov 24 06:30:12 2013 +0100
@@ -44,7 +44,7 @@
{
int num;
- if (!sscanf(value, "%i", &num) || num < 0)
+ if (sscanf(value, "%i", &num) != 1 || num < 0)
return t_strconcat("Invalid number: ", value, NULL);
*result = num;
return NULL;
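Review bot: `sscanf(value, "%i", &num) != 1` still stops silently at the first non-numeric character, so a value such as "10abc" is accepted as 10 and never reaches the "Invalid number" error. `%i` also reads a leading 0 as octal and 0x as hex, which may not be wanted for a settings value. Consider strtol with a check that the end pointer is at the terminating NUL, plus an explicit range check before the assignment to `*result`.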
--------------------------------------------------------------------------------
Specifically, both invocations disregard that sscanf("", "%d", &num) and similar
make sscanf return EOF (-1 on my system) and the first invocation also does not
account for the case that the second argument is not matched.
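The return values described in the message, shown side by side for the old and patched checks. This is an added example, not part of the original post or of Dovecot's code; the function names, `SENTINEL` (standing in for uninitialised caller memory) and the input strings are constructed for illustration.

```c
#include <stdio.h>

#define SENTINEL 12345 /* constructed stand-in for uninitialised caller memory */

/* Old dns-lookup.c check: ips_count the caller would use, or -1 if rejected. */
long count_after_old(const char *line)
{
	int ret = SENTINEL;
	unsigned int count = SENTINEL;
	if (sscanf(line, "%d %u", &ret, &count) == 0)
		return -1;
	return (long)count;
}

int dns_check_old(const char *line)
{
	return count_after_old(line) < 0 ? -1 : 0;
}

/* Patched dns-lookup.c check: both fields must be converted. */
int dns_check_new(const char *line)
{
	int ret = SENTINEL;
	unsigned int count = SENTINEL;
	return sscanf(line, "%d %u", &ret, &count) != 2 ? -1 : 0;
}

/* Old settings.c check: !EOF is 0, so EOF reads as success. */
int number_check_old(const char *value)
{
	int num = SENTINEL;
	return (!sscanf(value, "%i", &num) || num < 0) ? -1 : 0;
}

/* Patched settings.c check. */
int number_check_new(const char *value)
{
	int num = SENTINEL;
	return (sscanf(value, "%i", &num) != 1 || num < 0) ? -1 : 0;
}

int main(void)
{
	const char *in[] = { "", "0", "0 2", "x" }; /* constructed inputs */
	for (int i = 0; i < 4; i++)
		printf("\"%s\": dns old=%d new=%d, number old=%d new=%d\n", in[i],
		       dns_check_old(in[i]), dns_check_new(in[i]),
		       number_check_old(in[i]), number_check_new(in[i]));
	return 0;
}
```

With the old checks, the empty string and the one-field line "0" are both accepted and the caller continues with whatever the output variables held beforehand.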