From ab7e3e8750f26c4a9b538762d7764ff3fecae20e Mon Sep 17 00:00:00 2001
From: Munkyu Im
Date: Tue, 11 Apr 2017 23:34:35 +0900
Subject: [PATCH] misc: avoid potential buffer overflows
Change-Id: I9c0c8c389cb502719d531a8495f4e35539606ffa
Signed-off-by: Munkyu Im
(cherry picked from commit 31061870b2693168025f6d6717c1ea8e8ae8c3e6)
---
 src/default_plugin_appcmd.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/default_plugin_appcmd.c b/src/default_plugin_appcmd.c
index 643fb77..62a0217 100644
--- a/src/default_plugin_appcmd.c
+++ b/src/default_plugin_appcmd.c
@@ -300,7 +300,7 @@ static void appcmd_receiver_debugwebapp(int fd_in, int fd_out)
 D("debug webapp output : %s\n", buf);
 sub_str = strstr(buf, "port: ");
- if (sub_str != NULL && sscanf(sub_str, "port: %s", port_str) == 1) {
+ if (sub_str != NULL && sscanf(sub_str, "port: %31s", port_str) == 1) {
 snprintf(out_buf, sizeof(out_buf), "\n%s:%s\n", MESSAGE_PREFIX_APPCMD_RETURN, port_str);
 writex(fd_out, out_buf, strlen(out_buf)+1);
 break;
@@ -411,13 +411,13 @@ static void appcmd_receiver_appinfo(int fd_in, int fd_out)
 if (!strncmp(buf, "Appid: ", 7)) {
 memset(appid, 0, sizeof(appid));
- sscanf(buf, "Appid: %s", appid);
+ sscanf(buf, "Appid: %127s", appid);
 snprintf(out_buf+out_ptr, sizeof(out_buf)-out_ptr, ":%s", appid);
 out_ptr += strlen(appid)+1;
 } else if (!strncmp(buf, "Apptype: ", 9)) {
 memset(apptype, 0, sizeof(apptype));
- sscanf(buf, "Apptype: %s", apptype);
+ sscanf(buf, "Apptype: %127s", apptype);
 snprintf(out_buf+out_ptr, sizeof(out_buf)-out_ptr, ":%s", apptype);
 out_ptr += strlen(apptype)+1;
--
2.7.4
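Review bot: The widths `%31s` in appcmd_receiver_debugwebapp and `%127s` in the appcmd_receiver_appinfo hunk are bare literals that are only safe while `port_str`, `appid` and `apptype` are at least 32 and 128 bytes; their declarations are outside both hunks, so this patch alone does not show that they match. I would record the coupling at each declaration with a comment such as `/* sscanf() below uses %31s: keep width == sizeof(port_str) - 1 */`, or derive the array size and the format width from one shared macro. Separately, `%31s` still accepts any non-whitespace token and forwards it to `fd_out`; since the value is a port number, `%5[0-9]` would restrict it to digits.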
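Review bot: `out_ptr += strlen(appid)+1` (and the same line for `apptype`) advances by the length of the source string rather than by what `snprintf` actually stored, so once `out_buf` is nearly full `out_ptr` can pass `sizeof(out_buf)`; `sizeof(out_buf)-out_ptr` is evaluated as `size_t`, wraps to a huge bound, and the next `snprintf` writes past the buffer. The size of `out_buf` and whether these branches can run more than once per call are outside the hunk, so this may not be reachable today, but the width limits added here do not prevent it. Using the return value closes it: `int n = snprintf(out_buf+out_ptr, sizeof(out_buf)-out_ptr, ":%s", appid);`, then stop appending when `n < 0 || (size_t)n >= sizeof(out_buf)-out_ptr`, otherwise `out_ptr += n;`. The `sscanf` results are also ignored in both branches, so a line with an empty value still appends a bare `:`.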