linux-user: Check sscanf return value in open_net_route()

Coverity warns (CID 1390634) that open_net_route() is not checking the return value from sscanf(), which means that it might then use values that aren't initialized. Errors here should in general not happen since we're passing an assumed-good /proc/net/route from the host kernel, but if we do fail to parse a line then just skip it in the output we pass to the guest. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Stefano Garzarella <sgarzare@redhat.com> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20190205174207.9278-1-peter.maydell@linaro.org> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2019-02-05 17:42:07 +00:00 · 2019-02-05 17:42:07 +00:00 · 9d0bd0cdd0
parent 22e4a267a6
commit 9d0bd0cdd0
1 changed files with 9 additions and 3 deletions
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@ -6768,9 +6768,15 @@ static int open_net_route(void *cpu_env, int fd)
        char iface[16];
        uint32_t dest, gw, mask;
        unsigned int flags, refcnt, use, metric, mtu, window, irtt;
-        sscanf(line, "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n",
-                     iface, &dest, &gw, &flags, &refcnt, &use, &metric,
-                     &mask, &mtu, &window, &irtt);
+        int fields;
+
+        fields = sscanf(line,
+                        "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n",
+                        iface, &dest, &gw, &flags, &refcnt, &use, &metric,
+                        &mask, &mtu, &window, &irtt);
+        if (fields != 11) {
+            continue;
+        }
        dprintf(fd, "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n",
                iface, tswap32(dest), tswap32(gw), flags, refcnt, use,
                metric, tswap32(mask), mtu, window, irtt);