On 09/17/2016 11:25 PM, Fam Zheng wrote: > sscanf is relatively loose (tolerate) on some invalid formats that we > should fail instead of generating a wrong uuid structure, like with > whitespaces and short strings. > > Add and use a helper function to first check the format. > > Signed-off-by: Fam Zheng <f...@redhat.com> > --- > util/uuid.c | 24 +++++++++++++++++++++++- > 1 file changed, 23 insertions(+), 1 deletion(-) >
>
> +static bool qemu_uuid_is_valid(const char *str)
> +{
> + int i;
> +
> + for (i = 0; i < strlen(str); i++) {
> + const char c = str[i];
> + if (i == 8 || i == 13 || i == 18 || i == 23) {
> + if (str[i] != '-') {
> + return false;
> + }
> + } else {
> + if ((c >= '0' && c <= '9') ||
> + (c >= 'A' && c <= 'F') ||
> + (c >= 'a' && c <= 'f')) {
> + continue;
> + }
> + return false;
> + }
> + }
> + return i == 36;
> +}
Quite verbose, compared to my earlier suggestion of just checking that
all bytes in the string are valid (but not worrying about positions,
because sscanf mostly does that):
strspn(str, "0123456789abcdefABCDEF-") == 36 && !str[36]
and then tightening sscanf() (now that we've rejected whitespace via
strspn(), all that remains is to ensure we parsed as much as we were
expecting), as in:
sscanf(str, UUID_FMT "%n", &uuid[0], ... &uuid[15], &len)
and then validating that len == 36.
But while my approach is a (cryptic) three-line change, yours is easier
to check that it is obviously correct. So unless you want to respin
because you like playing golf when writing C expressions,
Reviewed-by: Eric Blake <ebl...@redhat.com>
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature
