schweikert / fping

High performance ping tool
https://fping.org

Fix incorrect return-value check for a scanf like function (CWE-253) #323

Closed gsnw closed 2 months ago

gsnw commented 2 months ago

This pull request fixes the CodeQL security alert CWE-253, "Incorrect return-value check for a 'scanf'-like function".

coveralls commented 2 months ago

Coverage Status

coverage: 85.117%. remained the same when pulling 5d0fdaa93639cffbe4df57ff939ad2664715fd73 on gsnw:fix-scanf-cwe253 into 2f2ff0bd2c38c911cfe659bd65dc494e8dd0bc2b on schweikert:develop.

gsnw commented 2 months ago

Fix issue #324

auerswal commented 2 months ago

sscanf() returns EOF when used with an empty string as input. This can be given as option argument, e.g., using fping -t '' …. Without the pull request, fping does not catch this invalid option argument.
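
The behaviour described in the comment above, as an added example that is not part of the thread and not fping's source: the helper names and the `%lf` conversion are assumptions made for illustration. It runs a truthiness check and an explicit `!= 1` check over constructed option arguments, including the empty string from `fping -t ''`.

```c
#include <stdio.h>

/* Hypothetical helpers (not fping's code). Return 0 if the option
 * argument is accepted, -1 if it is rejected. */

/* CWE-253 pattern: any nonzero return is treated as success.
 * sscanf() returns 0 on a matching failure ("abc") but EOF, a negative
 * value, on empty input, so "" passes and *out is left unmodified. */
static int parse_flawed(const char *arg, double *out)
{
    if (!sscanf(arg, "%lf", out))
        return -1;
    return 0;
}

/* Corrected check: succeed only when exactly one item was assigned. */
static int parse_checked(const char *arg, double *out)
{
    if (sscanf(arg, "%lf", out) != 1)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample arguments: valid, non-numeric, empty. */
    const char *samples[] = { "500", "abc", "" };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        double a = -1.0, b = -1.0;   /* sentinel: "never assigned" */
        int flawed = parse_flawed(samples[i], &a);
        int checked = parse_checked(samples[i], &b);

        printf("arg=\"%s\"  flawed=%s (value %g)  checked=%s\n",
               samples[i],
               flawed == 0 ? "accepted" : "rejected", a,
               checked == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

With the flawed check, the empty argument is accepted while the destination still holds the sentinel value, which is the case the corrected comparison rejects.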

coveralls commented 2 months ago

Coverage Status

coverage: 85.54% (+0.07%) from 85.469% when pulling edffcc3b3c734588f17455a282817a91bcc8c83c on gsnw:fix-scanf-cwe253 into 118cdc5cc6bed1afdf66001c2a88088fe9dc7598 on schweikert:develop.

auerswal commented 2 months ago

I have looked at the changes again, IMHO they are "obviously correct", so I'll just go ahead and merge this. @schweikert: Please let me know if this is OK.

schweikert commented 2 months ago

Looks good to me as well. Thanks!