Bug #6753

Updated by Victor Julien 10 months ago

Failing to check that a call to 'scanf' actually writes to an output variable can lead to unexpected behavior at reading time.
This variable is read, but may not have been written; hence it should be guarded by a check that the call to sscanf (src/detect-cipservice.c:160:9:160:14) returns at least 1.

Affected file & code: suricata/src/detect-cipservice.c; Line 161, Column 22-24.
 <pre><code class="c"> 
         } else if ((num > MAX_CIP_ATTRIBUTE) && (i == 2))//if service greater than 16 bit 
         { 
             SCLogError("invalid CIP attribute %lu", num); 
             goto error; 
         } 

         sscanf(token, "%2" SCNu8, &var); 
         input[i++] = var; 

         token = strtok_r(NULL, delims, &save); 
     } 
 </code></pre> 
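
The check the report asks for, as an added example (not code from the Suricata tree or from its eventual fix): the `sscanf` return value is tested before the converted value is stored. The helper names `parse_u8_token` and `parse_fields`, the `MAX_FIELDS` limit, the `strcspn`-based splitting and the sample strings are assumptions made for illustration.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_FIELDS 3 /* assumption: service, class, attribute */

/* Hypothetical helper. sscanf returns the number of conversions stored:
 * 1 on success, 0 on a matching failure ("x"), EOF on empty input.
 * Anything other than 1 means var was never written. */
static int parse_u8_token(const char *token, uint8_t *out)
{
    uint8_t var;
    if (sscanf(token, "%2" SCNu8, &var) != 1)
        return -1;
    *out = var;
    return 0;
}

/* Hypothetical helper: fill input[] from a comma-separated string.
 * Returns the number of fields stored, or -1 if any token is rejected. */
static int parse_fields(const char *str, uint8_t input[MAX_FIELDS])
{
    int i = 0;
    for (;;) {
        char token[8];
        size_t len = strcspn(str, ",");
        if (i >= MAX_FIELDS || len >= sizeof(token))
            return -1;
        memcpy(token, str, len);
        token[len] = '\0';
        if (parse_u8_token(token, &input[i]) != 0)
            return -1; /* the code in the report stores var regardless */
        i++;
        if (str[len] == '\0')
            return i;
        str += len + 1;
    }
}

int main(void)
{
    uint8_t input[MAX_FIELDS] = {0};
    /* Constructed sample inputs: one valid, one with a non-numeric token. */
    printf("%d\n", parse_fields("4,6,1", input));
    printf("%d\n", parse_fields("4,x,1", input));
    return 0;
}
```

The return-value check covers only the unwritten-variable case: with the `%2` width, a token such as `4x` still converts its leading digit and returns 1.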
