Bug #6753
Updated by Victor Julien 10 months ago
Failing to check that a call to 'scanf' actually writes to an output variable can lead to unexpected behavior at reading time.
This variable is read, but may not have been written; hence it should be guarded by a check that the ["call to sscanf"|"relative:///src/detect-cipservice.c:160:9:160:14"] returns at least 1.
Affected file & code: suricata/src/detect-cipservice.c; Line 161,Column 22-24.
<pre><code class="c">
} else if ((num > MAX_CIP_ATTRIBUTE) && (i == 2))//if service greater than 16 bit
{
SCLogError("invalid CIP attribute %lu", num);
goto error;
}
sscanf(token, "%2" SCNu8, &var);
input[i++] = var;
token = strtok_r(NULL, delims, &save);
}
</code></pre>