alpine 3.6
buffer weakness #8

5

Weakness Breakdown


Definition:

Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against these vulnerabilities are common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which the program then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on the OWASP attack index.

Warning code(s):

Easily used incorrectly.

File Name:

syslinux/src/syslinux-6.04-pre1/com32/hdt/hdt-menu-kernel.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 buffer weakness.

    menu->items_count = 0;
    set_menu_pos(SUBMENU_Y, SUBMENU_X);

    if ((hardware->modules_pcimap_return_code == -ENOMODULESPCIMAP) &&
	(hardware->modules_alias_return_code == -ENOMODULESALIAS)) {
	add_item("The modules.{pcimap|alias} file is missing",
		 "Missing modules.{pcimap|alias} file", OPT_INACTIVE, NULL, 0);
	add_item("Kernel modules can't be computed.",
		 "Missing modules.{pcimap|alias} file", OPT_INACTIVE, NULL, 0);
	add_item("Please put one of them in same dir as hdt",
		 "Missing modules.{pcimap|alias} file", OPT_INACTIVE, NULL, 0);
	add_item("", "", OPT_SEP, "", 0);
    } else {
	/*
	 * For every detected pci device, grab its kernel module to
	 * compute this submenu
	 */
	for_each_pci_func(pci_device, hardware->pci_domain) {
	    memset(kernel_modules, 0, sizeof kernel_modules);
	    for (int i = 0;
		 i < pci_device->dev_info->linux_kernel_module_count; i++) {
		if (i > 0) {
		    strncat(kernel_modules, " | ", 3);
		}
		strncat(kernel_modules,
			pci_device->dev_info->linux_kernel_module[i],
			LINUX_KERNEL_MODULE_SIZE - 1);
	    }
	    /* No need to add unknown kernel modules */
	    if (strlen(kernel_modules) > 0) {
		snprintf(buffer, sizeof buffer, "%s (%s)",
			 kernel_modules, pci_device->dev_info->class_name);
		snprintf(infobar, sizeof infobar,
			 "%04x:%04x %s : %s",
			 pci_device->vendor,
			 pci_device->product,
			 pci_device->dev_info->vendor_name,
			 pci_device->dev_info->product_name);

		add_item(buffer, infobar, OPT_INACTIVE, NULL, 0);
		menu->items_count++;
	    }
	}
    }

    printf("MENU: Kernel menu done (%d items)\n", menu->items_count);
} 
