nwfilter: Fix sscanf off-by-one error in virNWFilterSnoopLeaseFileLoad

We allocate 16 bytes for IPv4 address and 55 bytes for interface
key, therefore we should read up to 15/54 bytes and let the last byte
reserved for terminating null byte in sscanf.

https://bugzilla.redhat.com/show_bug.cgi?id=1226400

diff --git a/src/nwfilter/nwfilter_dhcpsnoop.c b/src/nwfilter/nwfilter_dhcpsnoop.c
index 6da8983d51fb82469fb45b7e50e103a6d3804b54..f331e22e9ef78f16ead334d71301831e013a0e76 100644 (file)
--- a/src/nwfilter/nwfilter_dhcpsnoop.c
+++ b/src/nwfilter/nwfilter_dhcpsnoop.c
@@ -1958,8 +1958,8 @@ virNWFilterSnoopLeaseFileLoad(void)
             break;
         }
         ln++;
-        /* key len 55 = "VMUUID"+'-'+"MAC" */
-        if (sscanf(line, "%u %55s %16s %16s", &ipl.timeout,
+        /* key len 54 = "VMUUID"+'-'+"MAC" */
+        if (sscanf(line, "%u %54s %15s %15s", &ipl.timeout,
                    ifkey, ipstr, srvstr) < 4) {
             virReportError(VIR_ERR_INTERNAL_ERROR,
                            _("virNWFilterSnoopLeaseFileLoad lease file "