From 9527f4f22cd71feeee8a49866e29cce98408f1e7 Mon Sep 17 00:00:00 2001 From: thorkill Date: Mon, 1 May 2017 12:40:22 +0200 Subject: [PATCH] Sanitize input in id_h - prevent integer overflows --- src/protocol_auth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/protocol_auth.c b/src/protocol_auth.c index 31906ba..baf9eac 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -281,7 +281,7 @@ static bool receive_invitation_sptps(void *handle, uint8_t type, const void *dat bool id_h(connection_t *c, const char *request) { char name[MAX_STRING_SIZE]; - if(sscanf(request, "%*d " MAX_STRING " %d.%d", name, &c->protocol_major, &c->protocol_minor) < 2) { + if(sscanf(request, "%*d " MAX_STRING " %2d.%3d", name, &c->protocol_major, &c->protocol_minor) < 2) { logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s)", "ID", c->name, c->hostname); return false; -- 2.25.1