plugin: use snprintf for fixed-size formatting buffers #3352
The commit message doesn't match what the patch does. Please update the commit message accordingly. The change itself is okay, though it is highly unlikely that this is ever a problem. The strings are fixed and relatively short. But yes, famous last words.

Updated the title/description to reflect the actual code changes.

Thanks. I was referring to the commit message itself, not the GitHub title. The reason I asked this, we don't know how long GitHub will exist (whatever reason this repo moves away), thus the git history is very important and should contain all necessary information to understand what a change does. Currently, it reads I would suggest to change to something like I can do it myself if you want. Just wanted to inform you why I am asking this.

Automated security fix generated by Orbis Security AI Signed-off-by: orbisai0security <mediratta01.pally@gmail.com>
89afbe7 to 2e4677f

done

Thanks!

Summary
plugin: use snprintf for fixed-size formatting buffers
Replace sprintf() with snprintf() when formatting strings into the fixed-size man and usage buffers in plugin.c.
The inputs are currently internal command/plugin metadata and are expected to be short, so this is not believed to be a practical security vulnerability. This change is a defensive cleanup that makes the bounds explicit and avoids relying on those assumptions.
Changes
plugin.c
Verification
Automated security fix by OrbisAI Security
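
The bounded-formatting pattern discussed in this PR, as an added example that is not taken from plugin.c or from the patch. The helper name `format_man_name`, the buffer size `MAN_BUF_LEN` and the `"<prog>-<cmd>"` format are assumptions made for illustration; the point shown is that `snprintf()` only helps fully when its return value is checked for truncation.

```c
#include <stdio.h>
#include <string.h>

#define MAN_BUF_LEN 32  /* assumed size; the real buffers in plugin.c may differ */

/*
 * Hypothetical helper: build "<prog>-<cmd>" into a fixed-size buffer.
 * Returns 0 on success, -1 if the result did not fit or formatting failed.
 */
static int format_man_name(char *dst, size_t dst_len,
                           const char *prog, const char *cmd)
{
    int n;

    if (dst == NULL || dst_len == 0)
        return -1;

    /* snprintf writes at most dst_len - 1 bytes plus the terminating NUL */
    n = snprintf(dst, dst_len, "%s-%s", prog, cmd);

    /* n < 0: output error; n >= dst_len: the output was truncated */
    if (n < 0 || (size_t)n >= dst_len) {
        dst[0] = '\0';  /* do not hand a clipped name back to the caller */
        return -1;
    }
    return 0;
}

int main(void)
{
    char man[MAN_BUF_LEN];
    /* constructed input, longer than the buffer */
    const char *long_cmd = "a-constructed-subcommand-name-longer-than-the-buffer";

    if (format_man_name(man, sizeof(man), "tool", "list") == 0)
        printf("ok: %s\n", man);

    if (format_man_name(man, sizeof(man), "tool", long_cmd) != 0)
        printf("rejected: name would not fit in %zu bytes\n", sizeof(man));

    return 0;
}
```

With `sprintf()` the second call would write past the end of `man`; with an unchecked `snprintf()` it would silently produce a clipped name.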