1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-22 08:08:50 -05:00

security: fix "Unchecked return value" from sscanf()

By (void) prefixing it and adding a comment. Did some minor related
cleanups.

Coverity CID 1299423.
This commit is contained in:
Daniel Stenberg 2015-05-22 16:52:03 +02:00
parent 1514977bcd
commit e582cd16ff

View File

@ -359,7 +359,7 @@ int Curl_sec_read_msg(struct connectdata *conn, char *buffer,
int */ int */
int decoded_len; int decoded_len;
char *buf; char *buf;
int ret_code; int ret_code = 0;
size_t decoded_sz = 0; size_t decoded_sz = 0;
CURLcode error; CURLcode error;
@ -388,13 +388,13 @@ int Curl_sec_read_msg(struct connectdata *conn, char *buffer,
} }
buf[decoded_len] = '\0'; buf[decoded_len] = '\0';
DEBUGASSERT(decoded_len > 3); if(decoded_len <= 3)
if(buf[3] == '-') /* suspiciously short */
ret_code = 0; return 0;
else {
/* Check for error? */ if(buf[3] != '-')
/* safe to ignore return code */
(void)sscanf(buf, "%d", &ret_code); (void)sscanf(buf, "%d", &ret_code);
}
if(buf[decoded_len - 1] == '\n') if(buf[decoded_len - 1] == '\n')
buf[decoded_len - 1] = '\0'; buf[decoded_len - 1] = '\0';
@ -437,8 +437,8 @@ static int sec_set_protection_level(struct connectdata *conn)
pbsz = strstr(conn->data->state.buffer, "PBSZ="); pbsz = strstr(conn->data->state.buffer, "PBSZ=");
if(pbsz) { if(pbsz) {
/* FIXME: Checks for errors in sscanf? */ /* ignore return code, use default value if it fails */
sscanf(pbsz, "PBSZ=%u", &buffer_size); (void)sscanf(pbsz, "PBSZ=%u", &buffer_size);
if(buffer_size < conn->buffer_size) if(buffer_size < conn->buffer_size)
conn->buffer_size = buffer_size; conn->buffer_size = buffer_size;
} }