From: Eric Bollengier
Date: Fri, 1 May 2020 12:52:56 +0000 (+0200)
Subject: Fix possible sscanf overflows
X-Git-Tag: Release-9.6.4~48
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=96d4fdea6b838f4bb585c794dd40489b9476156b;p=thirdparty%2Fbacula.git
Fix possible sscanf overflows
---
diff --git a/bacula/src/filed/job.c b/bacula/src/filed/job.c
index 98a50bd3d..eb8fd96b9 100644
--- a/bacula/src/filed/job.c
+++ b/bacula/src/filed/job.c
@@ -1976,7 +1976,7 @@ static int level_cmd(JCR *jcr)
 if (dir->recv() <= 0) { /* get response */
 goto bail_out;
 }
- if (sscanf(dir->msg, "btime %s", buf) != 1) {
+ if (sscanf(dir->msg, "btime %50s", buf) != 1) {
 goto bail_out;
 }
 his_time = str_to_uint64(buf);
diff --git a/bacula/src/stored/dircmd.c b/bacula/src/stored/dircmd.c
index 3128d25c4..5bd044613 100644
--- a/bacula/src/stored/dircmd.c
+++ b/bacula/src/stored/dircmd.c
@@ -309,7 +309,7 @@ static bool client_cmd(JCR *jcr)
 Dmsg1(100, "ClientCmd: %s", dir->msg);
 jcr->sd_calls_client = true;
- if (sscanf(dir->msg, "client address=%s port=%d ssl=%d", &jcr->client_addr, &client_port,
+ if (sscanf(dir->msg, "client address=%127s port=%d ssl=%d", jcr->client_addr, &client_port,
 &enable_ssl) != 3) {
 pm_strcpy(jcr->errmsg, dir->msg);
 Jmsg(jcr, M_FATAL, 0, _("[SF0101] Bad client command: %s"), jcr->errmsg);
diff --git a/bacula/src/tools/bsnapshot.c b/bacula/src/tools/bsnapshot.c
index 68495db56..ca1438e02 100644
--- a/bacula/src/tools/bsnapshot.c
+++ b/bacula/src/tools/bsnapshot.c
@@ -586,7 +586,7 @@ public:
 /* Each line is supposed to start with "ID", and end with "path" */
 bool ok = false;
- if (sscanf(p, "ID %50s ", id) == 1) { /* We found ID, look for path */
+ if (sscanf(p, "ID %49s ", id) == 1) { /* We found ID, look for path */
 p2 = strstr(p, "path ");
 if (p2) {
 path = p2 + strlen("path ");
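Review bot: The `%50s` width in level_cmd (job.c) is a bare number with nothing tying it to the capacity of `buf`, whose declaration is outside this hunk. The bsnapshot.c hunks of this same commit lower `%50s` to `%49s`, presumably because sscanf writes the terminating NUL after the counted characters; if `buf` here can hold fewer than 51 bytes, this line still overruns it by one. Confirm the capacity and record it at the call, e.g. `/* field width must stay below the capacity of buf */`. The same coupling applies to `%127s` for `jcr->client_addr` in dircmd.c and to the `%49s` conversions for `id`, `day`, `hour`, `DayW` and `Month` in bsnapshot.c. level_cmd starts and ends outside the hunk.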
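Review bot: In client_cmd (dircmd.c) `client_port` and `enable_ssl` are still read from the Director message with plain `%d`, and no range check is visible before the function continues past the end of the hunk. `%d` accepts negative and oversized values, so the existing failure branch could also cover them, e.g. `&enable_ssl) != 3 || client_port <= 0 || client_port > 65535) {`. If the port is already validated further down, a one-line comment at the sscanf call pointing to that check would be enough.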
@@ -597,7 +597,7 @@ public:
 strcpy(v->path, path);
 p2 = strstr(p, "otime");
- if (p2 && sscanf(p2, "otime %50s %50s", day, hour) == 2) {
+ if (p2 && sscanf(p2, "otime %49s %49s", day, hour) == 2) {
 bsnprintf(v->otime, sizeof(v->otime), "%s %s", day, hour);
 }
@@ -671,7 +671,7 @@ public:
 }
 /* Each line is supposed to start with "ID", and end with "path" */
- ok = (sscanf(p, "ID %50s ", id) == 1);
+ ok = (sscanf(p, "ID %49s ", id) == 1);
 if (ok) { /* We found ID, look for path */
 p = strstr(p, "path ");
 if (p) {
@@ -940,7 +940,7 @@ public:
 /* Flush the current one */
 if (!arg->device || strcmp(arg->device, buf[0]) == 0) {
- if (sscanf(buf[3], "%s %s %d %d:%d %d",
+ if (sscanf(buf[3], "%49s %49s %d %d:%d %d",
 DayW, Month, &Day, &Hour, &Min, &Year) == 6) { /* Get a clean iso format */
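Review bot: `strcpy(v->path, path);` at the top of the -597 hunk in bsnapshot.c copies the remainder of the parsed line into `v->path` with no length limit, so an overlong path field can still overflow the destination even though the sscanf calls around it are now bounded. The size of `v->path` is not visible here; if it is a fixed array like `v->otime`, the bounded form already used a few lines below fits: `bsnprintf(v->path, sizeof(v->path), "%s", path);`. The -671 hunk parses the same `path ` field, and its copy, which lies past the end of that hunk, should be checked for the same pattern. The enclosing method starts and ends outside the hunk.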