jimzah/openafs
1
0
Fork 0
mirror of https://git.openafs.org/openafs.git synced 2025-01-18 23:10:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Avoid unsafe scanf("%s")

Browse Source 
Reading user input into a fixed-length buffer just to check the
first character is silly and an easy buffer overrun.  gcc on
Ubuntu 13.03 warns about the unchecked return value for scanf(),
but scanf("%s") is guaranteed to either succeed or get EOF/EINTR/etc..

In any case, we don't need to use scanf() at all, here -- reuse an
idiom from BSD cp(1) and loop around getchar to read the user's
response, eliminating the fixed-length buffer entirely.  A separate
initial loop is needed to skip leading whitespace, which is done
implicitly by scanf().

Change-Id: Ic5ed65e80146aa3d08a4b03c213f748ef088156b
Reviewed-on: http://gerrit.openafs.org/11758
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams <3chas3@gmail.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Perry Ruiter <pruiter@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
This commit is contained in:
Benjamin Kaduk 2015-02-09 10:38:04 -05:00 committed by Jeffrey Altman
parent 74ffe9bc78
commit c6ec6410af
1 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/uss/uss_vol.c
View File

@ -34,6 +34,8 @@
#include <afs/afsutil.h>
#include <ubik.h>
#include <ctype.h>
#include "uss_vol.h" /*Interface to this module */
#include "uss_common.h" /*Common definitions */
#include "uss_procs.h" /*Defs from procs module */
@ -584,7 +586,7 @@ uss_vol_CreateVol(char *a_volname, char *a_server, char *a_partition,
char *Oldmpoint = NULL; /*Old mountpoint name, if any */
char tmp_str[uss_MAX_SIZE]; /*Useful string buffer */
int o; /*Owner's user id */
char userinput[64]; /*User's input */
int checkch, ch; /*Read user's confirmation input */
struct uss_subdir *new_dir; /*Used to remember original ACL */
/*
@ -698,8 +700,12 @@ uss_vol_CreateVol(char *a_volname, char *a_server, char *a_partition,
printf
("Overwrite files in pre-existing '%s' volume? [y, n]: ",
a_volname);
scanf("%s", userinput);
if ((userinput[0] == 'y') || (userinput[0] == 'Y')) {
checkch = ch = ' ';
while (isspace(ch))
checkch = ch = getchar();
while (ch != '\n' && ch != EOF)
ch = getchar();
if (checkch == 'y' || checkch == 'Y') {
printf("\t[Overwriting allowed]\n");
uss_OverwriteThisOne = 1;
} else