Bug 1059314

Summary: Can't trust %n argument to sscanf() in find_key_by_type_and_desc() in libkeyutils
Product: Red Hat Enterprise Linux 7
Component: keyutils
Version: 7.0
Status: CLOSED WONTFIX
Severity: low
Priority: low
Reporter: David Howells <dhowells>
Assignee: David Howells <dhowells>
QA Contact: Kun Wang <kunwan>
CC: dhowells, kunwan, xzhou
Target Milestone: rc
Hardware: Unspecified
OS: Unspecified
Doc Type: If docs needed, set a value
Last Closed: 2020-05-21 02:27:41 UTC
Type: Bug

Description David Howells 2014-01-29 16:01:45 UTC
Description of problem:

find_key_by_type_and_desc() in libkeyutils uses sscanf() to parse the lines read from /proc/keys and puts '%n' in the format to get the length of the data parsed to that point.

Unfortunately, (a) it is undefined in the manual page as to whether %n actually contributes to the returned count of extracted values and (b) if it wasn't set, there's no way to know that if there is no extracted value subsequent to it.

Version-Release number of selected component (if applicable):

keyutils-1.5.7 and keyutils-1.5.8
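
One way to guard the %n pattern described above, as an added example that is not code from libkeyutils or from this report: set the %n target to a sentinel before calling sscanf() and test the sentinel afterwards, so the result never depends on whether %n is counted in the return value. The helper name parse_key_line(), the format string and the sample line are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in the general layout of a /proc/keys line (assumed). */
static const char SAMPLE[] =
    "0a1b2c3d I--Q---     1 perm 3f010000  1000  1000 user      mykey: 5";

/*
 * Hypothetical helper: extract the key ID and locate the description.
 * Returns 0 on success, -1 if the line did not parse as far as %n.
 */
int parse_key_line(const char *line, unsigned int *id, const char **desc)
{
    char type[16];
    int off = -1;   /* sentinel: stays -1 unless sscanf() executes %n */
    int got;

    got = sscanf(line, "%x %*s %*u %*s %*x %*d %*d %15s %n", id, type, &off);

    /* Two real conversions (id, type) must have been assigned. Use >= so
     * the check holds whether or not the C library counts %n. */
    if (got < 2)
        return -1;

    /* The return count says nothing reliable about %n itself, so test the
     * sentinel and bounds-check the offset before using it as an index. */
    if (off < 0 || (size_t)off > strlen(line))
        return -1;

    /* An empty description means the line ended right after the type. */
    if (line[off] == '\0')
        return -1;

    *desc = line + off;
    return 0;
}

int main(void)
{
    unsigned int id;
    const char *desc;

    if (parse_key_line(SAMPLE, &id, &desc) == 0)
        printf("id=%08x desc=\"%s\"\n", id, desc);
    return 0;
}
```
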

Comment 6 Ludek Smid 2014-06-26 09:05:57 UTC
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.

Comment 7 Ludek Smid 2014-06-26 11:16:08 UTC
The comment above is incorrect. The correct version is below.
I'm sorry for any inconvenience.
---------------------------------------------------------------

This request was NOT resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you need
to escalate this bug.