alpine 3.6
buffer weakness #11


Weakness Breakdown


Buffer overflows are among the best-known software vulnerabilities. Even though most developers know what a buffer overflow is, attacks that exploit them remain common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which then stores it in an undersized stack buffer. Besides stack buffer overflows, other kinds include heap overflows, off-by-one errors and many others. Learn more about buffer overflows in the OWASP attack index.

Warning code(s):

Does not check for buffer overflows.

File Name:



The highlighted line of code below is the trigger point of this particular Alpine 3.6 buffer weakness.

#if defined(TEST)
#include <stdio.h>
#include <stdlib.h>

/* Yes, we use gets not fgets.  Sue me. */
extern char *gets();

/* wildmat() is defined earlier in the same source file (not shown on this
 * page); this prototype is assumed so the test driver compiles on its own. */
extern int wildmat(char *text, char *p);

int
main()
{
    char p[80];
    char text[80];

    printf("Wildmat tester.  Enter pattern, then strings to test.\n");
    printf("A blank line gets prompts for a new pattern; a blank pattern\n");
    printf("exits the program.\n");

    for ( ; ; ) {
        printf("\nEnter pattern:  ");
        /* Flagged line: gets() has no length limit, so a line longer than
         * 79 characters overruns the 80-byte buffer p[]. */
        if (gets(p) == NULL || p[0] == '\0')
            break;
        for ( ; ; ) {
            printf("Enter text:  ");
            /* Same unbounded read into the 80-byte buffer text[]. */
            if (gets(text) == NULL)
                exit(0);
            if (text[0] == '\0')
                /* Blank line; go back and get a new pattern. */
                break;
            printf("      %s\n", wildmat(text, p) ? "YES" : "NO");
        }
    }
    exit(0);
    /* NOTREACHED */
}
#endif /* defined(TEST) */
