From 72adfde630d001b8ce780e3effa6f795abc84dc1 Mon Sep 17 00:00:00 2001
From: chrfranke <chrfranke@4ea69e1a-61f1-4043-bf83-b5c94c648137>
Date: Mon, 29 Nov 2021 18:33:26 +0000
Subject: [PATCH] smartctl.cpp: Fix possible buffer overflow (#1546). An
 overflow of 1-2 bytes occurred only if the '-n' option was specified with an
 invalid argument.

git-svn-id: https://svn.code.sf.net/p/smartmontools/code/trunk@5260 4ea69e1a-61f1-4043-bf83-b5c94c648137
---
 smartmontools/ChangeLog    | 6 ++++++
 smartmontools/smartctl.cpp | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/smartmontools/ChangeLog b/smartmontools/ChangeLog
index 9e3bc6f81..ec6b67576 100644
--- a/smartmontools/ChangeLog
+++ b/smartmontools/ChangeLog
@@ -1,5 +1,11 @@
 $Id$
 
+2021-11-29  Christian Franke  <franke@computer.org>
+
+	smartctl.cpp: Fix possible buffer overflow (#1546).
+	An overflow of 1-2 bytes occurred only if the '-n' option
+	was specified with an invalid argument.
+
 2021-11-28  Christian Franke  <franke@computer.org>
 
 	smartd.cpp: Fix write of ATA attributes to state files.
diff --git a/smartmontools/smartctl.cpp b/smartmontools/smartctl.cpp
index 35f839ebe..6bb986548 100644
--- a/smartmontools/smartctl.cpp
+++ b/smartmontools/smartctl.cpp
@@ -871,7 +871,7 @@ static int parse_options(int argc, char** argv, const char * & type,
       else {
         int n1 = -1, n2 = -1, n3 = -1, len = strlen(optarg);
         char s[7+1]; unsigned i = FAILPOWER, j = 0;
-        sscanf(optarg, "%9[a-z]%n,%u%n,%u%n", s, &n1, &i, &n2, &j, &n3);
+        sscanf(optarg, "%7[a-z]%n,%u%n,%u%n", s, &n1, &i, &n2, &j, &n3);
         if (!((n1 == len || n2 == len || n3 == len) && i <= 255 && j <= 255))
           badarg = true;
         else if (!strcmp(s, "sleep")) {
-- 
GitLab