Prevent buffer overflow with sscanftizen_4.0.m1_releasesubmit/tizen_3.0_common/20170510.075013submit/tizen_3.0/20170428.015157submit/tizen_3.0/20170428.014856submit/tizen_3.0-common/20170510.074450submit/tizen/20170426.041441accepted/tizen/unified/20170426.195730accepted/tizen/3.0/wearable/20170509.223035accepted/tizen/3.0/tv/20170509.223028accepted/tizen/3.0/mobile/20170509.223021accepted/tizen/3.0/ivi/20170509.223043accepted/tizen/3.0/common/20170510.183012tizen_3.0accepted/tizen_3.0_wearableaccepted/tizen_3.0_tvaccepted/tizen_3.0_mobileaccepted/tizen_3.0_iviaccepted/tizen_3.0_common

By allocating string buffer, prevent buffer overlow issue with sscanf.

Change-Id: I5655f1b7049dc457b525dfbc2d351b67616b3f88
Signed-off-by: Hyeongsik Min <hyeongsik.min@samsung.com>

1 files changed, 3 insertions, 2 deletions

diff --git a/memps.c b/memps.c
index d14774e..e29dd9b 100644
--- a/memps.c
+++ b/memps.c
@@ -624,7 +624,7 @@ static int get_tmpfs_info(FILE *output_fp)
 {
 	FILE *fp;
 	char line[BUF_MAX];
-	char tmpfs_mp[NAME_MAX];	/* tmpfs mount point */
+	char *tmpfs_mp;	/* tmpfs mount point */
 	struct statfs tmpfs_info;
 
 	if (output_fp == NULL)
@@ -639,7 +639,7 @@ static int get_tmpfs_info(FILE *output_fp)
 	fprintf(output_fp, "TMPFS INFO\n");
 
 	while (fgets(line, BUF_MAX, fp) != NULL) {
-		if (sscanf(line, "tmpfs %s tmpfs", tmpfs_mp) == 1) {
+		if (sscanf(line, "tmpfs %ms tmpfs", &tmpfs_mp) == 1) {
 			statfs(tmpfs_mp, &tmpfs_info);
 			fprintf(output_fp,
 				"tmpfs %16s  Total %8ld KB, Used %8ld, Avail %8ld\n",
@@ -648,6 +648,7 @@ static int get_tmpfs_info(FILE *output_fp)
 				tmpfs_info.f_blocks * 4,
 				(tmpfs_info.f_blocks - tmpfs_info.f_bfree) * 4,
 				tmpfs_info.f_bfree * 4);
+			free(tmpfs_mp);
 		}
 	}
 	fclose(fp);