s3:utils: Do not overflow the destination buffer in net_idmap_restore()
author: Andreas Schneider <asn@samba.org>
Thu, 9 Aug 2018 14:19:48 +0000 (16:19 +0200)
committer: Jeremy Allison <jra@samba.org>
Fri, 10 Aug 2018 23:49:16 +0000 (01:49 +0200)
Found by covsan.

error[invalidScanfFormatWidth]: Width 128 given in format string (no. 2)
is larger than destination buffer 'sid_string[128]', use %127s to
prevent overflowing it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13567

Pair-Programmed-With: Justin Stephenson <jstephen@redhat.com>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
source3/utils/net_idmap.c

index fee8121aa6037683dd31cafd519e37b6da65c628..4f365662a71fd6782f435c5c0377c37c28ce9f0d 100644 (file)
@@ -417,14 +417,14 @@ static int net_idmap_restore(struct net_context *c, int argc, const char **argv)
                if ( (len > 0) && (line[len-1] == '\n') )
                        line[len-1] = '\0';
 
-               if (sscanf(line, "GID %lu %128s", &idval, sid_string) == 2)
+               if (sscanf(line, "GID %lu %127s", &idval, sid_string) == 2)
                {
                        ret = net_idmap_store_id_mapping(db, ID_TYPE_GID,
                                                         idval, sid_string);
                        if (ret != 0) {
                                break;
                        }
-               } else if (sscanf(line, "UID %lu %128s", &idval, sid_string) == 2)
+               } else if (sscanf(line, "UID %lu %127s", &idval, sid_string) == 2)
                {
                        ret = net_idmap_store_id_mapping(db, ID_TYPE_UID,
                                                         idval, sid_string);
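Review bot: The width 127 in both the GID and UID sscanf() format strings is a bare literal that has to stay in step with the sid_string[128] declaration named in the commit message, and that declaration is outside this hunk. Nothing ties the two together, so a later change to the buffer size would leave the formats stale. Consider defining the maximum field width once next to the buffer and building both format strings from it, or at least adding a comment at the declaration that points at these two calls. A second point on the same lines: with %127s an over-long SID token is cut off silently and sscanf() still returns 2, so the truncated string is handed to net_idmap_store_id_mapping(). It would be worth rejecting or logging a line whose SID field fills the whole width instead of storing it.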