Project

General

Profile

Actions

Bug #6753

closed

detect/cip: missing return-value check for a 'scanf'-like function

Added by Daniel Olatunji 11 months ago. Updated 7 months ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

Failing to check that a call to 'scanf' actually writes to an output variable can lead to unexpected behavior at reading time.
This variable is read, but may not have been written; hence it should be guarded by a check that the ["call to sscanf"|"relative:///src/detect-cipservice.c:160:9:160:14"] returns at least 1.

Affected file & code: suricata/src/detect-cipservice.c; Line 161,Column 22-24.

        } else if ((num > MAX_CIP_ATTRIBUTE) && (i == 2))//if service greater than 16 bit
        {
            SCLogError("invalid CIP attribute %lu", num);
            goto error;
        }

        sscanf(token, "%2" SCNu8, &var);
        input[i++] = var;

        token = strtok_r(NULL, delims, &save);
    }


Related issues 2 (1 open1 closed)

Related to Suricata - Optimization #6714: CI: run more CodeQL queriesAssignedDaniel OlatunjiActions
Related to Suricata - Feature #3958: enip: convert protocol parser to rustClosedPhilippe AntoineActions
Actions #1

Updated by Daniel Olatunji 11 months ago

Actions #2

Updated by Victor Julien 11 months ago

  • Status changed from New to Assigned
  • Target version changed from 7.0.2 to 8.0.0-beta1
Actions #3

Updated by Victor Julien 11 months ago

  • Description updated (diff)
Actions #5

Updated by Philippe Antoine 7 months ago

Will be fixed by #3958

Actions #6

Updated by Philippe Antoine 7 months ago

  • Related to Feature #3958: enip: convert protocol parser to rust added
Actions #7

Updated by Philippe Antoine 7 months ago

  • Status changed from Assigned to Closed
Actions

Also available in: Atom PDF