crewID/libnfc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix cppcheck warning "scanf without field width limits can crash with huge input data"

Browse source 
Fix following warnings:
[examples/pn53x-tamashell.c:162]: (warning) scanf without field width limits can crash with huge input data
[libnfc/drivers/acr122_pcsc.c:261]: (warning) scanf without field width limits can crash with huge input data
[libnfc/drivers/acr122s.c:441]: (warning) scanf without field width limits can crash with huge input data
[libnfc/drivers/arygon.c:210]: (warning) scanf without field width limits can crash with huge input data
[libnfc/drivers/arygon.c:522]: (warning) scanf without field width limits can crash with huge input data
[libnfc/drivers/pn532_uart.c:187]: (warning) scanf without field width limits can crash with huge input data
[utils/nfc-relay-picc.c:176]: (warning) scanf without field width limits can crash with huge input data
This commit is contained in:
Philippe Teuwen 2013-03-06 00:52:08 +01:00
parent 4769392157
commit d577fda412
6 changed files with 9 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

2
libnfc/drivers/acr122_pcsc.c
View file

@ -258,7 +258,7 @@ acr122_pcsc_open(const nfc_context *context, const nfc_connstring connstring)
if (strlen(ndd.pcsc_device_name) < 5) { // We can assume it's a reader ID as pcsc_name always ends with "NN NN"
// Device was not specified, only ID, retrieve it
size_t index;
if (sscanf(ndd.pcsc_device_name, "%lu", &index) != 1)
if (sscanf(ndd.pcsc_device_name, "%4lu", &index) != 1)
return NULL;
nfc_connstring *ncs = malloc(sizeof(nfc_connstring) * (index + 1));
if (!ncs) {

2
libnfc/drivers/acr122s.c
View file

@ -438,7 +438,7 @@ acr122s_connstring_decode(const nfc_connstring connstring, struct acr122s_descri
return 2;
}
unsigned long speed;
if (sscanf(speed_s, "%lu", &speed) != 1) {
if (sscanf(speed_s, "%10lu", &speed) != 1) {
// speed_s is not a number
free(cs);
return 2;

6
libnfc/drivers/arygon.c
View file

@ -207,7 +207,7 @@ arygon_connstring_decode(const nfc_connstring connstring, struct arygon_descript
return 2;
}
unsigned long speed;
if (sscanf(speed_s, "%lu", &speed) != 1) {
if (sscanf(speed_s, "%10lu", &speed) != 1) {
// speed_s is not a number
free(cs);
return 2;
@ -519,7 +519,9 @@ arygon_firmware(nfc_device *pnd, char *str)
if (0 == memcmp(abtRx, arygon_error_none, 6)) {
uint8_t *p = abtRx + 6;
unsigned int szData;
sscanf((const char *)p, "%02x%s", &szData, p);
sscanf((const char *)p, "%02x%9s", &szData, p);
if (szData > 9)
szData = 9;
memcpy(str, p, szData);
*(str + szData) = '\0';
}

2
libnfc/drivers/pn532_uart.c
View file

@ -184,7 +184,7 @@ pn532_connstring_decode(const nfc_connstring connstring, struct pn532_uart_descr
return 2;
}
unsigned long speed;
if (sscanf(speed_s, "%lu", &speed) != 1) {
if (sscanf(speed_s, "%10lu", &speed) != 1) {
// speed_s is not a number
free(cs);
return 2;