Re: [Qemu-devel] [PATCH v8 10/12] uuid: Tighten uuid parse

2016-09-19 Thread Eric Blake
On 09/17/2016 11:25 PM, Fam Zheng wrote:
> sscanf is relatively loose (tolerant) on some invalid formats that we
> should fail instead of generating a wrong uuid structure, like with
> whitespaces and short strings.
> 
> Add and use a helper function to first check the format.
> 
> Signed-off-by: Fam Zheng 
> ---
>  util/uuid.c | 24 +++-
>  1 file changed, 23 insertions(+), 1 deletion(-)
> 

>  
> +static bool qemu_uuid_is_valid(const char *str)
> +{
> +int i;
> +
> +for (i = 0; i < strlen(str); i++) {
> +const char c = str[i];
> +if (i == 8 || i == 13 || i == 18 || i == 23) {
> +if (str[i] != '-') {
> +return false;
> +}
> +} else {
> +if ((c >= '0' && c <= '9') ||
> +(c >= 'A' && c <= 'F') ||
> +(c >= 'a' && c <= 'f')) {
> +continue;
> +}
> +return false;
> +}
> +}
> +return i == 36;
> +}
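Review bot: the loop header `+for (i = 0; i < strlen(str); i++) {` recomputes strlen() on every iteration and compares a signed `int i` against the `size_t` it returns, which warns under -Wsign-compare; hoist the length into a `size_t len = strlen(str);` and loop with a `size_t i` (or simply stop at `str[i] == '\0'`). A smaller style point in the same hunk: `+const char c = str[i];` is introduced but the dash branch still reads `+if (str[i] != '-') {`; use `c` in both branches.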

Quite verbose, compared to my earlier suggestion of just checking that
all bytes in the string are valid (but not worrying about positions,
because sscanf mostly does that):

 strspn(str, "0123456789abcdefABCDEF-") == 36 && !str[36]

and then tightening sscanf() (now that we've rejected whitespace via
strspn(), all that remains is to ensure we parsed as much as we were
expecting), as in:

 sscanf(str, UUID_FMT "%n", &uuid[0], ... &uuid[15], &len)

and then validating that len == 36.

But while my approach is a (cryptic) three-line change, yours is easier
to check that it is obviously correct.  So unless you want to respin
because you like playing golf when writing C expressions,

Reviewed-by: Eric Blake 

-- 
Eric Blake   eblake redhat com   +1-919-301-3266
Libvirt virtualization library http://libvirt.org
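Eric's strspn()-plus-"%n" variant written out in full, as an added example that is not part of the patch or of QEMU's own code, next to a constructed stand-in for a length-only check so the two can be compared on the inputs the commit message complains about; UUID_FMT and UUID_ARGS are re-declared here for self-containment and every input string is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Same 8-4-4-4-12 field widths as QEMU's UUID_FMT, re-declared here. */
#define UUID_FMT "%02hhx%02hhx%02hhx%02hhx-%02hhx%02hhx-%02hhx%02hhx-" \
                 "%02hhx%02hhx-%02hhx%02hhx%02hhx%02hhx%02hhx%02hhx"
#define UUID_ARGS(u) &(u)[0], &(u)[1], &(u)[2], &(u)[3], &(u)[4], &(u)[5], \
                     &(u)[6], &(u)[7], &(u)[8], &(u)[9], &(u)[10], &(u)[11], \
                     &(u)[12], &(u)[13], &(u)[14], &(u)[15]

/* Constructed stand-in for a length-only check followed by sscanf(). sscanf
 * skips whitespace and takes one digit for %02hhx, so bad input still "parses". */
static int uuid_parse_lenient(const char *str, unsigned char uu[16])
{
    return strlen(str) == 36 && sscanf(str, UUID_FMT, UUID_ARGS(uu)) == 16
           ? 0 : -1;
}

/* Eric's alternative: strspn() pins alphabet and length (no whitespace), then
 * "%n" proves sscanf() consumed all 36 bytes, catching short fields. */
static int uuid_parse_strict(const char *str, unsigned char uu[16])
{
    int len = 0;
    if (strspn(str, "0123456789abcdefABCDEF-") != 36 || str[36]) {
        return -1;
    }
    return sscanf(str, UUID_FMT "%n", UUID_ARGS(uu), &len) == 16 && len == 36
           ? 0 : -1;
}

/* Bit 0 set if the lenient parser accepts str, bit 1 if the strict one does. */
int uuid_accepted_by(const char *str)
{
    unsigned char uu[16];
    return (uuid_parse_lenient(str, uu) == 0 ? 1 : 0) |
           (uuid_parse_strict(str, uu) == 0 ? 2 : 0);
}

int main(void)
{
    /* Constructed inputs: canonical, leading space, short field, trailing dash, misplaced dash. */
    const char *in[] = { "123e4567-e89b-12d3-a456-426655440000",
                         " 23e4567-e89b-12d3-a456-426655440000",
                         "123e4567-e89b-12d3-a456-42665544000 ",
                         "123e4567-e89b-12d3-a456-42665544000-",
                         "123e4567e-89b-12d3-a456-426655440000" };
    for (unsigned i = 0; i < sizeof(in) / sizeof(in[0]); i++) {
        int m = uuid_accepted_by(in[i]);
        printf("%-38s lenient=%d strict=%d\n", in[i], m & 1, m >> 1);
    }
    return 0;
}
```

The misplaced-dash case is rejected by both parsers, which is the "sscanf mostly does that" part of Eric's remark; the other three malformed inputs get through the lenient check and are caught only by strspn() or the "%n" length comparison.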


Re: [Qemu-devel] [PATCH v8 10/12] uuid: Tighten uuid parse

2016-09-18 Thread Jeff Cody
On Sun, Sep 18, 2016 at 12:25:30PM +0800, Fam Zheng wrote:
> sscanf is relatively loose (tolerant) on some invalid formats that we
> should fail instead of generating a wrong uuid structure, like with
> whitespaces and short strings.
> 
> Add and use a helper function to first check the format.
> 
> Signed-off-by: Fam Zheng 
> ---
>  util/uuid.c | 24 +++-
>  1 file changed, 23 insertions(+), 1 deletion(-)
> 
> diff --git a/util/uuid.c b/util/uuid.c
> index 4701903..dd6b5fd 100644
> --- a/util/uuid.c
> +++ b/util/uuid.c
> @@ -61,12 +61,34 @@ char *qemu_uuid_unparse_strdup(const QemuUUID *uuid)
> uu[13], uu[14], uu[15]);
>  }
>  
> +static bool qemu_uuid_is_valid(const char *str)
> +{
> +int i;
> +
> +for (i = 0; i < strlen(str); i++) {
> +const char c = str[i];
> +if (i == 8 || i == 13 || i == 18 || i == 23) {
> +if (str[i] != '-') {
> +return false;
> +}
> +} else {
> +if ((c >= '0' && c <= '9') ||
> +(c >= 'A' && c <= 'F') ||
> +(c >= 'a' && c <= 'f')) {
> +continue;
> +}
> +return false;
> +}
> +}
> +return i == 36;
> +}
> +

Doesn't verify variant / version, but it is a lot better than what was
before.

Reviewed-by: Jeff Cody 


>  int qemu_uuid_parse(const char *str, QemuUUID *uuid)
>  {
>  unsigned char *uu = &uuid->data[0];
>  int ret;
>  
> -if (strlen(str) != 36) {
> +if (!qemu_uuid_is_valid(str)) {
>  return -1;
>  }
>  
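Review bot: the new guard `+if (!qemu_uuid_is_valid(str)) {` fully subsumes the removed `-if (strlen(str) != 36) {` (the validator returns false unless exactly 36 bytes match), so the replacement is sound; what the hunk lacks is a doc comment on qemu_uuid_parse stating that only the canonical 8-4-4-4-12 form is accepted, hex digits in either case, with no surrounding whitespace, since rejecting whitespace that sscanf() previously skipped is a caller-visible behaviour change worth spelling out.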
> -- 
> 2.7.4
> 
>