Project

General

Profile

Actions
Copy link

Bug #6753

open

detect/cip: missing return-value check for a 'scanf'-like function

Added by Daniel Olatunji 3 months ago. Updated 2 months ago.

Status:
Assigned
Priority:
Normal
Assignee:
Daniel Olatunji
Target version:
8.0.0-beta1
Affected Versions:
7.0.2, git master
Effort:
Difficulty:
Label:

Description

Failing to check that a call to 'scanf' actually writes to an output variable can lead to unexpected behavior at reading time.
This variable is read, but may not have been written; hence it should be guarded by a check that the ["call to sscanf"|"relative:///src/detect-cipservice.c:160:9:160:14"] returns at least 1.

Affected file & code: suricata/src/detect-cipservice.c; Line 161,Column 22-24.

        } else if ((num > MAX_CIP_ATTRIBUTE) && (i == 2))//if service greater than 16 bit
        {
            SCLogError("invalid CIP attribute %lu", num);
            goto error;
        }

        sscanf(token, "%2" SCNu8, &var);
        input[i++] = var;

        token = strtok_r(NULL, delims, &save);
    }

Related issues 1 (1 open0 closed)

Related to Suricata - Optimization #6714: CI: run more CodeQL queriesAssignedDaniel OlatunjiActions
Actions
Copy link
 #1

Updated by Daniel Olatunji 3 months ago

Actions
Copy link
 #2

Updated by Victor Julien 3 months ago

  • Status changed from New to Assigned
  • Target version changed from 7.0.2 to 8.0.0-beta1
Actions
Copy link
 #3

Updated by Victor Julien 3 months ago

  • Description updated (diff)
Actions
Copy link

Also available in: Atom PDF