On Tue, Oct 22, 2024 at 10:29:44PM +0800, Dehan Meng wrote:
> sscanf return values are checked and add 'Null' check for
> mandatory parameters.
>
> Signed-off-by: Dehan Meng <dem...@redhat.com>
> ---
> qga/commands-linux.c | 12 +++++++++++-
> 1 file changed, 11 insertions(+), 1 deletion(-)
>
> diff --git a/qga/commands-linux.c b/qga/commands-linux.c
> index 51d5e3d927..f0e9cdd27c 100644
> --- a/qga/commands-linux.c
> +++ b/qga/commands-linux.c
> @@ -2103,7 +2103,9 @@ static char *hexToIPAddress(const void *hexValue, int
> is_ipv6)
> int i;
>
> for (i = 0; i < 16; i++) {
> - sscanf(&hexStr[i * 2], "%02hhx", &in6.s6_addr[i]);
> + if (sscanf(&hex_str[i * 2], "%02hhx", &in6.s6_addr[i]) != 1) {
> + return NULL;
> + }
> }
> inet_ntop(AF_INET6, &in6, addr, INET6_ADDRSTRLEN);
>
> @@ -2164,6 +2166,10 @@ GuestNetworkRouteList
> *qmp_guest_network_get_route(Error **errp)
> networkroute = route;
> networkroute->iface = g_strdup(Iface);
> networkroute->destination = hexToIPAddress(Destination, 1);
> + if (networkroute->destination == NULL) {
> + g_free(route);
> + continue;
> + }
This still hasn't fixed the leak problems identified in the previous
review of the last version
> networkroute->metric = Metric;
> networkroute->source = hexToIPAddress(Source, 1);
> networkroute->desprefixlen = g_strdup_printf(
> @@ -2195,6 +2201,10 @@ GuestNetworkRouteList
> *qmp_guest_network_get_route(Error **errp)
> networkroute = route;
> networkroute->iface = g_strdup(Iface);
> networkroute->destination = hexToIPAddress(&Destination, 0);
> + if (networkroute->destination == NULL) {
> + g_free(route);
> + continue;
> + }
> networkroute->gateway = hexToIPAddress(&Gateway, 0);
> networkroute->mask = hexToIPAddress(&Mask, 0);
> networkroute->metric = Metric;
> --
> 2.40.1
>
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
