alpine 3.6
buffer weakness #29

5

Weakness Breakdown

Definition:

Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against these vulnerabilities remain common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which then stores it in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on the OWASP attack index.

Warning code(s):

Does not check for buffer overflows.

File Name:

alsa-lib/src/alsa-lib-1.1.3/src/input.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 buffer weakness.

  * \bug Reading from a memory buffer doesn't work.
 */
int snd_input_scanf(snd_input_t *input, const char *format, ...)
{
	int result;
	va_list args;
	va_start(args, format);
	result = input->ops->scan(input, format, args);
	va_end(args);
	return result;
}

/**
 * \brief Reads a line from an input handle (like \c fgets(3)).
 * \param input The input handle.
 * \param str Address of the destination buffer.
 * \param size The size of the destination buffer.
 * \return Pointer to the buffer if successful, otherwise \c NULL.
 *
 * Like \c fgets, the returned string is zero-terminated, and contains
 * the new-line character \c '\\n' if the line fits into the buffer.
 */
char *snd_input_gets(snd_input_t *input, char *str, size_t size)
{
	return (input->ops->gets)(input, str, size);
}
/**
 * \brief Reads a character from an input handle (like \c fgetc(3)).
 * \param input The input handle.
 * \return The character read, or \c EOF on end of file or error.
 */
int snd_input_getc(snd_input_t *input)
{
	return input->ops->getch(input);
}

/**
 * \brief Puts the last character read back to an input handle (like \c ungetc(3)).
 * \param input The input handle.
 * \param c The character to push back.
 * \return The character pushed back, or \c EOF on error.
 */
int snd_input_ungetc(snd_input_t *input, int c)
{
	return input->ops->ungetch(input, c);
}

#ifndef DOC_HIDDEN
typedef struct _snd_input_stdio { 
