smartctl.cpp: Fix possible buffer overflow (#1546).

An overflow of 1-2 bytes occurred only if the '-n' option was specified with an invalid argument. git-svn-id: https://svn.code.sf.net/p/smartmontools/code/trunk@5260 4ea69e1a-61f1-4043-bf83-b5c94c648137

smartctl.cpp: Fix possible buffer overflow (#1546).
An overflow of 1-2 bytes occurred only if the '-n' option was specified with an invalid argument. git-svn-id: https://svn.code.sf.net/p/smartmontools/code/trunk@5260 4ea69e1a-61f1-4043-bf83-b5c94c648137
72adfde6 · chrfranke · 41c67b33 · 72adfde6 · 72adfde6
Commit 72adfde6 authored Nov 29, 2021 by chrfranke
--- a/smartmontools/ChangeLog
+++ b/smartmontools/ChangeLog
 $Id$

+2021-11-29  Christian Franke  <franke@computer.org>
+
+	smartctl.cpp: Fix possible buffer overflow (#1546).
+	An overflow of 1-2 bytes occurred only if the '-n' option
+	was specified with an invalid argument.
+
 2021-11-28  Christian Franke  <franke@computer.org>

 	smartd.cpp: Fix write of ATA attributes to state files.

--- a/smartmontools/smartctl.cpp
+++ b/smartmontools/smartctl.cpp
@@ -871,7 +871,7 @@ static int parse_options(int argc, char** argv, const char * & type,
      else {
        int n1 = -1, n2 = -1, n3 = -1, len = strlen(optarg);
        char s[7+1]; unsigned i = FAILPOWER, j = 0;
-        sscanf(optarg, "%9[a-z]%n,%u%n,%u%n", s, &n1, &i, &n2, &j, &n3);
+        sscanf(optarg, "%7[a-z]%n,%u%n,%u%n", s, &n1, &i, &n2, &j, &n3);
        if (!((n1 == len || n2 == len || n3 == len) && i <= 255 && j <= 255))
          badarg = true;
        else if (!strcmp(s, "sleep")) {