sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-09 00:00:53 -04:00
Code Issues Projects Releases Wiki Activity

libimcv: Make sure the first argument to sscanf() is null-terminated

Browse Source
This commit is contained in:
Tobias Brunner 2017-05-23 12:24:01 +02:00
parent 411bda6836
commit c001716642
2 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/libimcv/ietf/ietf_attr_op_status.c
View File

@ -170,6 +170,7 @@ METHOD(pa_tnc_attr_t, process, status_t,
chunk_t last_use; chunk_t last_use;
uint16_t reserved; uint16_t reserved;
struct tm t; struct tm t;
char buf[BUF_LEN];
*offset = 0; *offset = 0;
@ -208,7 +209,8 @@ METHOD(pa_tnc_attr_t, process, status_t,
*offset = 4; *offset = 4;
/* Conversion from RFC 3339 ASCII string to time_t */ /* Conversion from RFC 3339 ASCII string to time_t */
if (sscanf(last_use.ptr, "%4d-%2d-%2dT%2d:%2d:%2dZ", &t.tm_year, &t.tm_mon, snprintf(buf, sizeof(buf), "%.*s", (int)last_use.len, last_use.ptr);
if (sscanf(buf, "%4d-%2d-%2dT%2d:%2d:%2dZ", &t.tm_year, &t.tm_mon,
&t.tm_mday, &t.tm_hour, &t.tm_min, &t.tm_sec) != 6) &t.tm_mday, &t.tm_hour, &t.tm_min, &t.tm_sec) != 6)
{ {
DBG1(DBG_TNC, "invalid last_use time format in IETF operational status"); DBG1(DBG_TNC, "invalid last_use time format in IETF operational status");

4
src/libimcv/tcg/pts/tcg_pts_attr_simple_comp_evid.c
View File

@ -263,13 +263,15 @@ bool measurement_time_from_utc(time_t *measurement_time, chunk_t utc_time)
{ {
int tm_year, tm_mon, tm_day, tm_days, tm_hour, tm_min, tm_sec, tm_secs; int tm_year, tm_mon, tm_day, tm_days, tm_hour, tm_min, tm_sec, tm_secs;
int tm_leap_4, tm_leap_100, tm_leap_400, tm_leap; int tm_leap_4, tm_leap_100, tm_leap_400, tm_leap;
char buf[BUF_LEN];
if (memeq(utc_undefined_time_str, utc_time.ptr, utc_time.len)) if (memeq(utc_undefined_time_str, utc_time.ptr, utc_time.len))
{ {
*measurement_time = 0; *measurement_time = 0;
return TRUE; return TRUE;
} }
if (sscanf(utc_time.ptr, "%4d-%2d-%2dT%2d:%2d:%2dZ", snprintf(buf, sizeof(buf), "%.*s", (int)utc_time.len, utc_time.ptr);
if (sscanf(buf, "%4d-%2d-%2dT%2d:%2d:%2dZ",
&tm_year, &tm_mon, &tm_day, &tm_hour, &tm_min, &tm_sec) != 6) &tm_year, &tm_mon, &tm_day, &tm_hour, &tm_min, &tm_sec) != 6)
{ {
return FALSE; return FALSE;