diff mbox series

cve-2016-10044: Check sscanf matches and syntax fixups

Message ID 20230905083713.12312-1-rpalethorpe@suse.com
State Accepted
Headers show
Series cve-2016-10044: Check sscanf matches and syntax fixups | expand

Commit Message

Richard Palethorpe Sept. 5, 2023, 8:37 a.m. UTC 
The test appears to work, but we were not checking that sscanf fills
the expected number of fields. Also the trailing 7 probably had no
effect, but is a confusing typo.

Signed-off-by: Richard Palethorpe <rpalethorpe@suse.com>
Reported-by: Avinesh Kumar <akumar@suse.de>
---
 testcases/cve/cve-2016-10044.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

Comments

Cyril Hrubis Sept. 5, 2023, 8:45 a.m. UTC | #1 
Hi!
Good catch.

Reviewed-by: Cyril Hrubis <chrubis@suse.cz>
Richard Palethorpe Sept. 5, 2023, 8:53 a.m. UTC | #2 
thanks pushed

Cyril Hrubis <chrubis@suse.cz> writes:

> Hi!
> Good catch.
>
> Reviewed-by: Cyril Hrubis <chrubis@suse.cz>
diff mbox series

Patch

diff --git a/testcases/cve/cve-2016-10044.c b/testcases/cve/cve-2016-10044.c
index 9ac644fc2..6a8c77f3e 100644
--- a/testcases/cve/cve-2016-10044.c
+++ b/testcases/cve/cve-2016-10044.c
@@ -19,7 +19,7 @@ 
 #include "tst_safe_stdio.h"
 #include "lapi/syscalls.h"
 
-static FILE *f;
+static FILE * f;
 
 static void cleanup(void)
 {
@@ -29,7 +29,7 @@  static void cleanup(void)
 
 static void run(void)
 {
-	void* ctx = 0;
+	void *ctx = 0;
 	char perms[8], line[BUFSIZ];
 
 	SAFE_PERSONALITY(READ_IMPLIES_EXEC);
@@ -44,7 +44,7 @@  static void run(void)
 	tst_brk(TCONF, "Could not find mapping in /proc/self/maps");
 
 found_mapping:
-	if (sscanf(line, "%*x-%*x %s7", perms) < 0)
+	if (sscanf(line, "%*x-%*x %s", perms) != 1)
 		tst_brk(TBROK, "failed to find permission string in %s", line);
 	if (strchr(perms, (int)'x'))
 		tst_res(TFAIL, "AIO mapping is executable: %s!", perms);