From 58f314e89f893a2c72d0cf1026503abed45f44b4 Mon Sep 17 00:00:00 2001
From: Mikhail Novosyolov
Date: Sat, 28 Feb 2026 20:58:34 +0300
Subject: [PATCH] Fix BUFFER_OVERFLOW.SPRINTF in zos-remote-plugin.c

Replace sprintf with snprintf to prevent potential buffer overflow when formatting logString buffer.

Svace report: Warning: An element of array '&logString[0]' of size 200 is accessed by an index with values in [0, +inf] which may lead to a buffer overflow. Format string: 'Linux (%s): type: %s'. Filled values can have unlimited string length. (CWE120, CWE121, CWE122, CWE124, CWE134, CWE20) Location: zos-remote-plugin.c:227

Co-authored-by: Z.AI GLM-5
---
 audisp/plugins/zos-remote/zos-remote-plugin.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/audisp/plugins/zos-remote/zos-remote-plugin.c b/audisp/plugins/zos-remote/zos-remote-plugin.c
index 91b3af5e9..09bd1ce38 100644
--- a/audisp/plugins/zos-remote/zos-remote-plugin.c
+++ b/audisp/plugins/zos-remote/zos-remote-plugin.c
@@ -230,7 +230,7 @@ push_event(auparse_state_t * au, auparse_cb_event_t cb_event_type,
 	 * We assume the first record type found is the
 	 * 'originating' audit record
 	 */
-	sprintf(logString, "Linux (%s): type: %s", node, orig_type);
+	snprintf(logString, ZOS_REMOTE_LOGSTRING_SIZE, "Linux (%s): type: %s", node, orig_type);
 	free((void *)node);
 	/*
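Review bot: The return value of the new snprintf call on the `+` line is discarded, so when `node` or `orig_type` is long enough that the 200-byte `logString` cannot hold the result, the forwarded record is silently truncated and nothing records that the message is incomplete. The overflow is gone, but a check such as `int n = snprintf(logString, ZOS_REMOTE_LOGSTRING_SIZE, "Linux (%s): type: %s", node, orig_type);` followed by `if (n < 0 || (size_t)n >= ZOS_REMOTE_LOGSTRING_SIZE) { /* truncated: report it rather than forwarding as complete */ }` would let the plugin flag the truncated record; at minimum a comment like `/* truncation is tolerated here: the remote record is best-effort */` should state that silent truncation is intended. If `logString` is declared as an array in this scope (the Svace report describes it as an array of 200 elements), `sizeof logString` would tie the bound to the declaration instead of to a separately maintained constant that must be kept in agreement with it. The enclosing push_event() starts and ends outside the hunk.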