[Pkg-libvirt-commits] [libguestfs] 72/266: p2v: check results of strndup and sscanf

[Hilko Bengen]

This is an automated email from the git hooks/post-receive script.

bengen pushed a commit to annotated tag debian/1%1.27.35-1
in repository libguestfs.

commit abbbc832d50dafd2872d0f5fee94e62faa978e82
Author: Pino Toscano <ptoscano at redhat.com>
Date:   Mon Aug 11 15:15:16 2014 +0200

    p2v: check results of strndup and sscanf
---
 p2v/ssh.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/p2v/ssh.c b/p2v/ssh.c
index 1e9b05c..ff906df 100644
--- a/p2v/ssh.c
+++ b/p2v/ssh.c
@@ -505,7 +505,16 @@ open_data_connection (struct config *config, int *local_port, int *remote_port)
                        }, ovector, ovecsize)) {
   case 100:                     /* Ephemeral port. */
     port_str = strndup (&h->buffer[ovector[2]], ovector[3]-ovector[2]);
-    sscanf (port_str, "%d", remote_port);
+    if (port_str == NULL) {
+      set_ssh_error ("not enough memory for strndup");
+      mexp_close (h);
+      return NULL;
+    }
+    if (sscanf (port_str, "%d", remote_port) != 1) {
+      set_ssh_error ("cannot extract the port number from '%s'", port_str);
+      mexp_close (h);
+      return NULL;
+    }
     break;
 
   case MEXP_EOF:

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-libvirt/libguestfs.git