osaf/services/saf/amf/amfnd/main.cc | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
* Calling risky function (SECURE_CODING)
Fix a buffer overflow that occurs when a string longer than 31 chars is
specified for "node_type".
diff --git a/osaf/services/saf/amf/amfnd/main.cc
b/osaf/services/saf/amf/amfnd/main.cc
--- a/osaf/services/saf/amf/amfnd/main.cc
+++ b/osaf/services/saf/amf/amfnd/main.cc
@@ -197,7 +197,9 @@
return AVSV_AVND_CARD_PAYLOAD;
}
- if ((bytes = fscanf(f, "%s", buf)) > 0) {
+ // @todo would be nice to convert this to C++
+ // temp fix to avoid buffer overflow. buf can hold 31 chars, excluding
NULL terminator.
+ if ((bytes = fscanf(f, "%31s", buf)) > 0) {
if (strncmp(buf, "controller", sizeof(buf)) == 0) {
TRACE("Node type: controller");
type = AVSV_AVND_CARD_SYS_CON;
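Review bot: The width in `fscanf(f, "%31s", buf)` is a bare literal that has to stay in step with the declaration of `buf`, which lies outside this hunk; if that array is later made smaller, the overflow comes back without any compiler diagnostic. A compile-time check next to the call would pin the relation, for example `static_assert(sizeof(buf) == 32, "fscanf width must be sizeof(buf) - 1");`, assuming the tree builds as C++11 or later and `buf` is a true array, as the `sizeof(buf)` in the `strncmp` call suggests. An over-long token is also now truncated silently and its remainder stays in the stream, so a trace line when `strlen(buf) == sizeof(buf) - 1` would make a malformed "node_type" value diagnosable. The enclosing function starts and ends outside the hunk.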