pt_util: Catch sscanf failures

[openafs.git] / src / ptserver / pt_util.c

diff --git a/src/ptserver/pt_util.c b/src/ptserver/pt_util.c
index 58288ef..f1e9c39 100644 (file)
--- a/src/ptserver/pt_util.c
+++ b/src/ptserver/pt_util.c
@@ -237,7 +237,12 @@ CommandProc(struct cmd_syndesc *a_as, void *arock)
            char name[PR_MAXNAMELEN], mem[PR_MAXNAMELEN];
 
            if (isspace(*buffer)) {
-               sscanf(buffer, "%s %d", mem, &uid);
+               code = sscanf(buffer, "%s %d", mem, &uid);
+               if (code != 2) {
+                   fprintf(stderr,
+                           "Insuffient data provided for group membership\n");
+                   exit(1);
+               }
 
                for (u = usr_head; u; u = u->next)
                    if (u->uid && u->uid == uid)
@@ -287,8 +292,13 @@ CommandProc(struct cmd_syndesc *a_as, void *arock)
                    fprintf(stderr, "Error while adding %s to %s: %s\n", mem,
                            name, afs_error_message(code));
            } else {
-               sscanf(buffer, "%s %d/%d %d %d %d", name, &flags, &quota, &id,
-                      &oid, &cid);
+               code = sscanf(buffer, "%s %d/%d %d %d %d", name, &flags, &quota, &id,
+                             &oid, &cid);
+               if (code != 6) {
+                   fprintf(stderr,
+                           "Insufficient data provided for user/group\n");
+                   exit(1);
+               }
 
                if (FindByID(0, id))
                    code = PRIDEXIST;