alpine 3.7
buffer weakness #10

5

Weakness Breakdown


Definition:

Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against these vulnerabilities are common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which the program then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on the OWASP attack index.

Warning code(s):

Does not check for buffer overflows.

File Name:

ckermit/src/ckuus7.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.7 buffer weakness.

#ifdef OS2
    if (vmode != vmode_sav) {
        vmode = VTERM;
        VscrnIsDirty(VCMD);
        VscrnIsDirty(VTERM);
    }
#endif /* OS2 */
#endif /* NOLOCAL */
    return(0);
}
#endif /* NOICP */

/* A general function to allow a Password or other information  */
/* to be read from the command prompt without it going into     */
/* the recall buffer or being echo'd.                           */

int
readpass(prmpt, buffer, bufsiz) char * prmpt; char * buffer; int bufsiz; {
    int x;
#ifdef NOICP
    if (!prmpt) prmpt = "";
    printf("%s", prmpt);
#ifdef COMMENT
    /* Some linkers won't allow this because it's unsafe */
    gets(buffer);
#else  /* COMMENT */
    {
        int c, i; char * p;
        p = buffer;
        for (i = 0; i < bufsiz-1; i++) {
            if ((c = getchar()) == EOF)
              break;
            if (c < SP)
              break;
            buffer[i] = c;
        }
        buffer[i] = NUL;
    }
#endif /* COMMENT */
    return(1);
#else  /* NOICP */
#ifdef CK_RECALL
    extern int on_recall;               /* around Password prompting */
#endif /* CK_RECALL */
    int rc;
#ifndef NOLOCAL
#ifdef OS2
    extern int vmode;
    extern int startflags;
    int vmode_sav = vmode; 
