On 09/17/2016 11:25 PM, Fam Zheng wrote:
> sscanf is relatively loose (tolerant) on some invalid formats that we
> should fail instead of generating a wrong uuid structure, like with
> whitespace and short strings.
>
> Add and use a helper function to first check the format.
>
> Signed-off-by: Fam Zheng <f...@redhat.com>
> ---
> util/uuid.c | 24 +++++++++++++++++++++++-
> 1 file changed, 23 insertions(+), 1 deletion(-)
>
> > +static bool qemu_uuid_is_valid(const char *str) > +{ > + int i; > + > + for (i = 0; i < strlen(str); i++) { > + const char c = str[i]; > + if (i == 8 || i == 13 || i == 18 || i == 23) { > + if (str[i] != '-') { > + return false; > + } > + } else { > + if ((c >= '0' && c <= '9') || > + (c >= 'A' && c <= 'F') || > + (c >= 'a' && c <= 'f')) { > + continue; > + } > + return false; > + } > + } > + return i == 36; > +}

Quite verbose, compared to my earlier suggestion of just checking that all
bytes in the string are valid (but not worrying about positions, because
sscanf mostly does that):

    strspn(str, "0123456789abcdefABCDEF-") == 36 && !str[36]

and then tightening sscanf() (now that we've rejected whitespace via
strspn(), all that remains is to ensure we parsed as much as we were
expecting), as in:

    sscanf(str, UUID_FMT "%n", &uuid[0], ... &uuid[15], &len)

and then validating that len == 36.

But while my approach is a (cryptic) three-line change, yours is easier to
check that it is obviously correct. So unless you want to respin because
you like playing golf when writing C expressions,

Reviewed-by: Eric Blake <ebl...@redhat.com>

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
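Review bot: strlen(str) is re-evaluated on every pass of the for loop in qemu_uuid_is_valid, and the '-' branch tests str[i] while the hex branch tests the local c that already holds that byte; computing the length once, rejecting anything other than 36 up front, and using c in both branches (if (c != '-') {) would make the helper cheaper and more uniform without changing what it accepts. The quoted excerpt shows only the helper being added; the call site that the commit message says uses it, and the one deleted line in the diffstat, are not in the quoted hunk, so this review can only confirm the helper itself.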
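The two validation styles discussed in this thread, side by side with a bare sscanf() call standing in for the pre-patch parse, as an added example that is not QEMU's code. UUID_FMT is assumed to match QEMU's format string, the function names are hypothetical, and the sample strings are constructed; the strspn variant also shows where "sscanf mostly does that" falls short, since %hhx accepts '-' as a sign.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Assumed to match QEMU's UUID_FMT: sixteen %02hhx groups, '-' after bytes 3, 5, 7, 9. */
#define UUID_FMT "%02hhx%02hhx%02hhx%02hhx-%02hhx%02hhx-%02hhx%02hhx-" \
                 "%02hhx%02hhx-%02hhx%02hhx%02hhx%02hhx%02hhx%02hhx"
#define UUID_ARGS(u) &(u)[0], &(u)[1], &(u)[2], &(u)[3], &(u)[4], &(u)[5], &(u)[6], \
                     &(u)[7], &(u)[8], &(u)[9], &(u)[10], &(u)[11], &(u)[12], \
                     &(u)[13], &(u)[14], &(u)[15]

/* Stand-in for the pre-patch parse: sscanf alone skips leading whitespace and takes 1-digit groups. */
static bool uuid_parse_loose(const char *str, unsigned char out[16])
{
    return sscanf(str, UUID_FMT, UUID_ARGS(out)) == 16;
}

/* The patch's position-aware check, with strlen() hoisted out of the loop. */
static bool uuid_is_valid_positional(const char *str)
{
    size_t i, len = strlen(str);
    if (len != 36) {
        return false;
    }
    for (i = 0; i < len; i++) {
        const char c = str[i];
        if (i == 8 || i == 13 || i == 18 || i == 23) {
            if (c != '-') {
                return false;
            }
        } else if (!((c >= '0' && c <= '9') || (c >= 'A' && c <= 'F') ||
                     (c >= 'a' && c <= 'f'))) {
            return false;
        }
    }
    return true;
}

/* Eric's variant: strspn() rejects whitespace and stray bytes, "%n" proves all 36
 * bytes were consumed. %hhx still accepts '-' as a sign inside a group, though,
 * so a dash in the wrong place is not always caught by this version. */
static bool uuid_parse_strspn(const char *str, unsigned char out[16])
{
    int len = 0;
    if (strspn(str, "0123456789abcdefABCDEF-") != 36 || str[36] != '\0') {
        return false;
    }
    /* %n is not counted in the return value, so 16 means every group matched. */
    return sscanf(str, UUID_FMT "%n", UUID_ARGS(out), &len) == 16 && len == 36;
}
```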