Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

security: fix sscanf rv checks (CodeQL) #6184

Merged
merged 1 commit into from
Feb 4, 2024
Merged

security: fix sscanf rv checks (CodeQL) #6184

merged 1 commit into from
Feb 4, 2024

Conversation

kmk3
Copy link
Collaborator

@kmk3 kmk3 commented Feb 1, 2024

Fix the following CodeQL warning (CWE-253)[1]:

Rule ID: cpp/incorrectly-checked-scanf

The result of scanf is only checked against 0, but it can also return
EOF.

Functions in the scanf family return either EOF (a negative value) in
case of IO failure, or the number of items successfully read from the
input. Consequently, a simple check that the return value is nonzero
is not enough.

Recommendation

Ensure that all uses of scanf check the return value against the
expected number of arguments rather than just against zero.

Note: The affected code portions attempt to read values from /etc/passwd
and /etc/group, so invalid input seems unlikely to be the case. Either
way, the changes make the checks in question more consistent with
similar sscanf return value checks in the rest of the code.

Added on commit 4f003da ("prevent leaking user information by
modifying /home directory, /etc/passwd and /etc/group", 2015-11-19).

[1] https://github.com/netblue30/firejail/security/code-scanning/32

@kmk3 kmk3 added this to In progress in Release 0.9.74 via automation Feb 1, 2024
@kmk3
security: fix sscanf rv checks (CodeQL)
ef2f5f3 
Fix the following CodeQL warning (CWE-253)[1]:

> Rule ID: cpp/incorrectly-checked-scanf

> The result of scanf is only checked against 0, but it can also return
> EOF.

> Functions in the scanf family return either EOF (a negative value) in
> case of IO failure, or the number of items successfully read from the
> input.  Consequently, a simple check that the return value is nonzero
> is not enough.
>
> Recommendation
>
> Ensure that all uses of scanf check the return value against the
> expected number of arguments rather than just against zero.

Note: The affected code portions attempt to read values from /etc/passwd
and /etc/group, so invalid input seems unlikely to be the case.  Either
way, the changes make the checks in question more consistent with
similar sscanf return value checks in the rest of the code.

Added on commit 4f003da ("prevent leaking user information by
modifying /home directory, /etc/passwd and /etc/group", 2015-11-19).

[1] https://github.com/netblue30/firejail/security/code-scanning/32
@kmk3 kmk3 changed the title bugfix: fix sscanf rv checks (CodeQL) security: fix sscanf rv checks (CodeQL) Feb 2, 2024
@kmk3 kmk3 merged commit db3146b into netblue30:master Feb 4, 2024
13 checks passed
@kmk3 kmk3 deleted the fix-sscanf-rv branch February 4, 2024 23:24
kmk3 added a commit that referenced this pull request Feb 5, 2024
@kmk3
RELNOTES: add many items
1c94947 
Relates to #6172 #6178 #6184 #6186 #6187.
@kmk3 kmk3 moved this from In progress to Done (on RELNOTES) in Release 0.9.74 Feb 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
Release 0.9.74
  
Done (on RELNOTES)
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@kmk3