From a90277dfb5eb09ce78cc7cef43b6c7b38e1bbf0f Mon Sep 17 00:00:00 2001
From: Wim Coekaerts <wim.coekaerts@oracle.com>
Date: Sun, 27 Dec 2015 09:29:10 -0800
Subject: [PATCH] criu.c: protect from buffer overrun of version in fscanf()
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

while highly unlikely to happen...
char version[1024];

fscanf(.. %[1024] .., version  );

should leave room for null termination

Signed-off-by: Wim Coekaerts <wim.coekaerts@oracle.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
---
 src/lxc/criu.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/lxc/criu.c b/src/lxc/criu.c
index 0a0392f6d..6ef490589 100644
--- a/src/lxc/criu.c
+++ b/src/lxc/criu.c
@@ -315,7 +315,7 @@ static bool criu_version_ok()
 			return false;
 		}
 
-		if (fscanf(f, "Version: %1024[^\n]s", version) != 1)
+		if (fscanf(f, "Version: %1023[^\n]s", version) != 1)
 			goto version_error;
 
 		if (fgetc(f) != '\n')
@@ -324,7 +324,7 @@ static bool criu_version_ok()
 		if (strcmp(version, CRIU_VERSION) >= 0)
 			goto version_match;
 
-		if (fscanf(f, "GitID: v%1024[^-]s", version) != 1)
+		if (fscanf(f, "GitID: v%1023[^-]s", version) != 1)
 			goto version_error;
 
 		if (fgetc(f) != '-')
-- 
2.47.2