From 00ffa2de2d14462aabc16665acb2062132f56965 Mon Sep 17 00:00:00 2001
From: Matthew Burket
Date: Mon, 4 May 2026 12:40:50 -0500
Subject: [PATCH] process58: bound sscanf perm field in get_exec_shield_status

Use %7s and larger buffer; read maps lines with fgets(buf, sizeof(buf)).

Co-authored-by: Cursor
---
 src/OVAL/probes/unix/process58_probe.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/OVAL/probes/unix/process58_probe.c b/src/OVAL/probes/unix/process58_probe.c
index 7a5df13eb9..9894b356d0 100644
--- a/src/OVAL/probes/unix/process58_probe.c
+++ b/src/OVAL/probes/unix/process58_probe.c
@@ -365,16 +365,16 @@ static int get_exec_shield_status(int pid) {
 long unsigned low, high, inode;
 long long unsigned offset;
 int dev_min, dev_maj;
- char perm[3], trim;
+ char perm[8], trim;
 int ret = -1, read_items;
 const char *prefix = getenv("OSCAP_PROBE_ROOT");
 snprintf(buf, sizeof(buf), "%s/proc/%d/maps", prefix ? prefix : "", pid);
 sf = fopen(buf, "rt");
 if (sf) {
- while (fgets(buf, 500, sf)) {
+ while (fgets(buf, sizeof(buf), sf)) {
 read_items = sscanf(
- buf, "%lx-%lx rw%s %llx %x:%x %lu %c\n",
+ buf, "%lx-%lx rw%7s %llx %x:%x %lu %c\n",
 &low, &high, perm, &offset, &dev_min, &dev_maj, &inode, &trim
 );