From: Grayson Nocera Date: Mon, 25 Nov 2024 20:33:02 +0000 (-0500) Subject: tools: specify buffer to be size PATH_MAX X-Git-Tag: v34~21 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=47bc9145fcf61ff335059ae169e144c11123ec4d;p=thirdparty%2Fkmod.git tools: specify buffer to be size PATH_MAX Using a CodeQL query, I discovered that the destination of a `sscanf` call could overflow. Thus, we bound the buffer size to be PATH_MAX, to ensure that it is not larger than `modname` or `devname`. Signed-off-by: Grayson Nocera Suggested-by: Tobias Stoeckmann Link: https://github.com/kmod-project/kmod/pull/260 Reviewed-by: Emil Velikov Signed-off-by: Lucas De Marchi --- diff --git a/tools/static-nodes.c b/tools/static-nodes.c index 4914d0c3..0ecb9030 100644 --- a/tools/static-nodes.c +++ b/tools/static-nodes.c @@ -144,7 +144,7 @@ static void help(void) static int do_static_nodes(int argc, char *argv[]) { struct utsname kernel; - char modules[PATH_MAX], buf[4096]; + char modules[PATH_MAX], buf[PATH_MAX]; const char *output = "/dev/stdout"; FILE *in = NULL, *out = NULL; const struct static_nodes_format *format = &static_nodes_format_human;
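Review bot: In do_static_nodes(), the new declaration `char modules[PATH_MAX], buf[PATH_MAX];` keeps the sscanf destinations safe only because buf and the destination arrays happen to share a size, and nothing in this hunk enforces or documents that coupling. The sscanf call and the declarations of `modname` and `devname` named in the commit message are outside the visible context, so a later resize of any of these arrays would silently reintroduce the overflow. Consider either explicit field widths in the sscanf format or a static assertion that sizeof(buf) does not exceed the destination sizes, plus a one-line comment on the declaration saying why buf is PATH_MAX. Where PATH_MAX is 4096, as on Linux, the array size is unchanged by this edit, so the commit message would be more precise if it said the change ties buf to the destination size rather than implying the buffer shrinks.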