Fix BUFFER_OVERFLOW.SPRINTF in zos-remote-plugin.c #509

Merged
stevegrubb merged 1 commit into linux-audit:master from mikhailnov:svace1
Feb 28, 2026
@mikhailnov
Contributor

Replace sprintf with snprintf to prevent potential buffer overflow when formatting logString buffer.

Svace report:
Warning: An element of array '&logString[0]' of size 200 is accessed
by an index with values in [0, +inf] which may lead to a buffer overflow.
Format string: 'Linux (%s): type: %s'. Filled values can have unlimited
string length. (CWE120, CWE121, CWE122, CWE124, CWE134, CWE20)
Location: zos-remote-plugin.c:227

Co-authored-by: Z.AI GLM-5
@stevegrubb
Contributor

Thanks for the patch. Neither item being logged is attacker controlled.

@stevegrubb stevegrubb merged commit 828b5b2 into linux-audit:master Feb 28, 2026
4 checks passed
@mikhailnov
Contributor Author

Thanks!
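
Added example, not part of the pull request or the audit code base: a bounded formatter for the 200-byte `logString` and the format string quoted in the Svace report, with the `snprintf` return value checked so truncation is detected rather than silent. The names `format_log_string` and `run_case`, the canary layout, and the sample values are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define LOG_STRING_SIZE 200 /* logString size from the Svace report */

/* Hypothetical helper, not from the audit source tree.
 * Returns 0 if the message fit, 1 if truncated, -1 on error. */
int format_log_string(char *dst, size_t dstsz,
                      const char *node, const char *type)
{
    int n;

    if (dst == NULL || dstsz == 0 || node == NULL || type == NULL)
        return -1;
    n = snprintf(dst, dstsz, "Linux (%s): type: %s", node, type);
    if (n < 0) {            /* output error: leave an empty string */
        dst[0] = '\0';
        return -1;
    }
    /* n is the length the full message needs, excluding the NUL. */
    return ((size_t)n >= dstsz) ? 1 : 0;
}

/* Formats a constructed node name of node_len bytes into a guarded buffer.
 * Returns the helper's result, or -2 if the canary or NUL check fails. */
int run_case(size_t node_len)
{
    struct { char logString[LOG_STRING_SIZE]; char canary[8]; } f;
    char node[512];
    int rc;

    if (node_len >= sizeof(node))
        return -1;
    memset(node, 'A', node_len);   /* constructed sample input */
    node[node_len] = '\0';
    memcpy(f.canary, "CANARY!", 8);

    rc = format_log_string(f.logString, sizeof(f.logString), node, "SYSCALL");
    if (memcmp(f.canary, "CANARY!", 8) != 0 ||
        memchr(f.logString, '\0', sizeof(f.logString)) == NULL)
        return -2;
    return rc;
}

int main(void)
{
    printf("fits: %d, truncated: %d\n", run_case(16), run_case(400));
    return 0;
}
```

The fixed text of the format string takes 23 bytes with the constructed type `SYSCALL`, so a node name of up to 176 bytes fits and anything longer is cut at 199 bytes plus the terminator.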
