Guys,

I see a few problems with the function idbm_recinfo_config(). Can someone
please take a look and confirm?

void idbm_recinfo_config(recinfo_t *info, FILE *f)
{
	char name[NAME_MAXVAL];
	char value[VALUE_MAXVAL];
	char *line, *nl, buffer[2048];
	int line_number = 0;
	int c = 0, i;

	fseek(f, 0, SEEK_SET);

	/* process the config file */
	do {
		line = fgets(buffer, sizeof (buffer), f);
		line_number++;
		if (!line)
			continue;

		nl = line + strlen(line) - 1;
		if (*nl != '\n') {
			log_warning("Config file line %d too long.",
				    line_number);
			continue;
		}

Here, if the line is so long that it cannot fit into the buffer, shouldn't
we ignore the rest of the line?

Secondly, while reading the "name", we do not check for the array size.

		/* parse name */
		i=0; nl = line; *name = 0;
		while (*nl && !isspace(c = *nl) && *nl != '=') {
			*(name+i) = *nl; i++; nl++;   <<< we may go beyond end of array "name".
		}

Similarly, we can go beyond end of array "value".

		while (*nl) {
			*(value+i) = *nl; i++; nl++;
		}


thanks,
rahul

