
Potential fix for code scanning alert no. 19: Potentially overflowing call to snprintf #7


Draft
wants to merge 5 commits into
base: main
from

Conversation

rzr
Owner

@rzr rzr commented May 22, 2025

Potential fix for https://github.com/rzr/z-wave-protocol-controller/security/code-scanning/19

To fix the issue, we need to validate the return value of snprintf after each call. If the return value is negative or exceeds the remaining buffer size, we should stop further writes to prevent buffer overflow. This involves:

  1. Storing the return value of snprintf in a variable.
  2. Checking if the return value is negative or greater than or equal to the remaining buffer size (sizeof(message) - index).
  3. Breaking out of the loop or handling the error appropriately if the condition is met.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.
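
The three steps listed in the description above, as an added example in C; it is not the project's code. `hex_escape`, its parameters and the sample input are hypothetical, modelled on the commit message's description of a function that writes its input as ASCII hex.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Hypothetical helper (not from the project): writes each byte of `in` as two
 * hex digits into `out`. Returns the number of characters written, or -1 if
 * snprintf failed or the output would not fit; `out` stays NUL-terminated. */
int hex_escape(const unsigned char *in, size_t in_len, char *out, size_t out_size)
{
    size_t index = 0;

    if (out == NULL || out_size == 0)
        return -1;
    out[0] = '\0';

    for (size_t i = 0; i < in_len; i++) {
        size_t remaining = out_size - index;
        /* Step 1: keep the return value instead of discarding it. */
        int written = snprintf(out + index, remaining, "%02x", in[i]);

        /* Step 2: negative means an output error; >= remaining means the
         * result was truncated. Adding it to index anyway would move index
         * past out_size, and the next `out_size - index` would wrap around
         * to a huge size_t, disabling snprintf's bound. */
        if (written < 0 || (size_t)written >= remaining) {
            out[index] = '\0';   /* Step 3: drop the partial pair and stop. */
            return -1;
        }
        index += (size_t)written;
    }
    return (int)index;
}

int main(void)
{
    const unsigned char sample[] = "1a2b3c4";   /* constructed sample input */
    char message[16];
    char small[8];

    printf("%d %s\n", hex_escape(sample, 7, message, sizeof(message)), message);
    printf("%d %s\n", hex_escape(sample, 7, small, sizeof(small)), small);
    return 0;
}
```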

rzr and others added 5 commits May 22, 2025 17:25
Checking snprintf results, this was found using CodeQL

  Potential fix for code scanning alert no. 15:
  Potentially overflowing call to snprintf

For the record, this function escapes the git commit to hex form (in ASCII)

Origin: SiliconLabsSoftware#104
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Relate-to: SiliconLabsSoftware#100
Signed-off-by: Philippe Coval <philippe.coval@silabs.com>
This will align to SL policy

Signed-off-by: Philippe Coval <philippe.coval@silabs.com>
Also added comment to prevent privileges escalation using pull_request_target (see related change)

Relate-to:SiliconLabsSoftware#67
Relate-to: https://securitylab.github.com/resources/github-actions-preventing-pwn-requests/
Signed-off-by: Philippe Coval <philippe.coval@silabs.com>
…call to snprintf

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
… call to snprintf

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@rzr rzr force-pushed the main branch 18 times, most recently from 4f86970 to e24a30e Compare May 27, 2025 13:30
@rzr rzr force-pushed the main branch 7 times, most recently from 7c4a093 to cdc13a8 Compare June 3, 2025 09:57
@rzr rzr force-pushed the main branch 8 times, most recently from e7c64e2 to a86e78d Compare June 5, 2025 15:37
@rzr rzr force-pushed the main branch 9 times, most recently from 01d2815 to 1df056b Compare June 16, 2025 15:35
@rzr rzr force-pushed the main branch 6 times, most recently from eb732ac to 31cb0ba Compare June 23, 2025 12:04