Bug #6753
closed
detect/cip: missing return-value check for a 'scanf'-like function
Description
Failing to check that a call to 'scanf' actually writes to an output variable can lead to unexpected behavior at reading time.
This variable is read, but may not have been written; hence it should be guarded by a check that the call to sscanf (src/detect-cipservice.c:160:9-160:14) returns at least 1.
Affected file & code: suricata/src/detect-cipservice.c; Line 161, Column 22-24.
    } else if ((num > MAX_CIP_ATTRIBUTE) && (i == 2))//if service greater than 16 bit
    {
        SCLogError("invalid CIP attribute %lu", num);
        goto error;
    }
    sscanf(token, "%2" SCNu8, &var);
    input[i++] = var;
    token = strtok_r(NULL, delims, &save);
}
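The guard this finding asks for, sketched as an added example; it is not Suricata's code and not the change made in the linked pull request. The helper names, MAX_PARAMS and the sample tokens are assumptions constructed for illustration; only the "%2" SCNu8 format string is taken from the snippet above.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_PARAMS 3 /* assumption: service, class, attribute */

/* Unchecked pattern from the report: if sscanf converts nothing, var keeps
 * whatever it held before. 'stale' stands in for that earlier content. */
static uint8_t parse_u8_unchecked(const char *token, uint8_t stale)
{
    uint8_t var = stale;
    sscanf(token, "%2" SCNu8, &var);
    return var;
}

/* Hypothetical guarded helper: returns 0 and writes *out only when sscanf
 * reports exactly one conversion; returns -1 on 0 (no match) or EOF. */
static int parse_u8_checked(const char *token, uint8_t *out)
{
    uint8_t var;
    if (sscanf(token, "%2" SCNu8, &var) != 1)
        return -1;
    *out = var;
    return 0;
}

/* Fill input[] from n tokens; reject the whole set on the first bad token. */
static int parse_tokens(const char *const tokens[], int n, uint8_t input[MAX_PARAMS])
{
    if (n < 0 || n > MAX_PARAMS)
        return -1;
    for (int i = 0; i < n; i++) {
        if (parse_u8_checked(tokens[i], &input[i]) != 0)
            return -1;
    }
    return n;
}

int main(void)
{
    const char *const good[] = { "6", "1", "5" };  /* constructed tokens */
    const char *const bad[] = { "6", "x1", "5" };  /* constructed tokens */
    uint8_t input[MAX_PARAMS] = { 0 };
    printf("good: %d\n", parse_tokens(good, 3, input));
    printf("bad: %d\n", parse_tokens(bad, 3, input));
    printf("unchecked \"x1\": 0x%02x\n", parse_u8_unchecked("x1", 0xAA));
    return 0;
}
```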
Updated by Daniel Olatunji 11 months ago
- Related to Optimization #6714: CI: run more CodeQL queries added
Updated by Victor Julien 11 months ago
- Status changed from New to Assigned
- Target version changed from 7.0.2 to 8.0.0-beta1
Updated by Philippe Antoine 10 months ago
Updated by Philippe Antoine 7 months ago
- Related to Feature #3958: enip: convert protocol parser to rust added
Updated by Philippe Antoine 7 months ago
- Status changed from Assigned to Closed
https://github.com/OISF/suricata/pull/11184
https://github.com/OISF/suricata/security/code-scanning/210 is indeed marked as fixed