From 4f636d100e35865fc7156ffb2ba674605d1b404c Mon Sep 17 00:00:00 2001
From: Dario Lombardo <lomato@gmail.com>
Date: Wed, 28 Sep 2016 13:59:52 +0200
Subject: [PATCH] eap: check scanf return value (CID 1373396).

Change-Id: I4b602110fc3959dd7214fe15e9c37e3870794c1d
Reviewed-on: https://code.wireshark.org/review/17967
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
---
 epan/dissectors/packet-eap.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/epan/dissectors/packet-eap.c b/epan/dissectors/packet-eap.c
index 9e15501ce8..82b2838337 100644
--- a/epan/dissectors/packet-eap.c
+++ b/epan/dissectors/packet-eap.c
@@ -594,8 +594,10 @@ dissect_eap_identity_wlan(tvbuff_t *tvb, packet_info* pinfo, proto_tree* tree, i
   dissect_e212_utf8_imsi(tvb, pinfo, eap_identity_tree, offset + 1, (guint)strlen(tokens[0]) - 1);
 
   /* guess if we have a 3 bytes mnc by comparing the first bytes with the imsi */
-  sscanf(tokens[2] + 3, "%u", &mnc);
-  sscanf(tokens[3] + 3, "%u", &mcc);
+  if (!sscanf(tokens[2] + 3, "%u", &mnc) || !sscanf(tokens[3] + 3, "%u", &mcc)) {
+    ret = FALSE;
+    goto end;
+  }
 
   if (!g_ascii_strncasecmp(tokens[0], tokens[2] + 3, 3)) {
     mcc_mnc = 1000 * mcc + mnc;