alpine 3.6
buffer weakness #9

5

Weakness Breakdown


Definition:

Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against these vulnerabilities are common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which the program then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows in the OWASP attack index.

Warning code(s):

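Easily used incorrectly. In the excerpt below this applies to the `strncat` calls: the length argument of `strncat` limits how many characters are appended, not the total size of the destination buffer, so every call must leave room for the destination's existing contents and the terminating NUL.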

File Name:

syslinux/src/syslinux-6.04-pre1/com32/hdt/hdt-cli-kernel.c

Context:

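The highlighted line of code below is the trigger point of this particular Alpine 3.6 buffer weakness. The excerpt begins partway through a function, so the declaration of `buffer`, and therefore its size, is not shown; whether the appends to `buffer` can overrun it has to be checked against that declaration in the full source file.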

     bool found = false;
    char kernel_modules[LINUX_KERNEL_MODULE_SIZE *
			MAX_KERNEL_MODULES_PER_PCI_DEVICE];

    reset_more_printf();
    more_printf("Kernel modules\n");

// more_printf(" PCI device no: %d \n", p->pci_device_pos);

    if ((hardware->modules_pcimap_return_code == -ENOMODULESPCIMAP)
	&& (hardware->modules_alias_return_code == -ENOMODULESALIAS)) {
	more_printf(" modules.pcimap and modules.alias files are missing\n");
	return;
    }

    /* For every detected pci device, compute its submenu */
    for_each_pci_func(pci_device, hardware->pci_domain) {
	memset(kernel_modules, 0, sizeof kernel_modules);

	for (int kmod = 0;
	     kmod < pci_device->dev_info->linux_kernel_module_count; kmod++) {
	    if (kmod > 0) {
		strncat(kernel_modules, " | ", 3);
	    }
	    strncat(kernel_modules,
		    pci_device->dev_info->linux_kernel_module[kmod],
		    LINUX_KERNEL_MODULE_SIZE - 1);
	}

	if ((pci_device->dev_info->linux_kernel_module_count > 0)
	    && (!strstr(buffer, kernel_modules))) {
	    found = true;
	    if (pci_device->dev_info->linux_kernel_module_count > 1)
		strncat(buffer, "(", 1);
	    strncat(buffer, kernel_modules, sizeof(kernel_modules));
	    if (pci_device->dev_info->linux_kernel_module_count > 1)
		strncat(buffer, ")", 1);
	    strncat(buffer, " # ", 3);
	}

    }
    if (found == true) {
	strncat(buffer, "\n", 1);
	more_printf("%s", buffer);
    }
}

static void show_kernel_modules(int argc __unused, char **argv __unused,
				struct s_hardware *hardware)
{ 
