alpine 3.7
buffer weakness #15


Weakness Breakdown


Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against the vulnerabilities are common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which it then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on OWASP attack index.

Warning code(s):

Easily used incorrectly.

File Name:



The highlighted line of code below is the trigger point of this particular Alpine 3.7 buffer weakness.

    char linkbuf[CF_BUFSIZE];
    const char *lastnode;
    struct stat dsb;
    PromiseResult result = PROMISE_RESULT_NOOP;

    linkbuf[0] = '\0';

    if ((S_ISLNK(sb->st_mode)) && (cf_readlink(ctx, sourcefile, linkbuf, CF_BUFSIZE, attr, pp, conn, &result) == -1))
        cfPS(ctx, LOG_LEVEL_ERR, PROMISE_RESULT_FAIL, pp, attr, "Can't readlink '%s'", sourcefile);
        return PROMISE_RESULT_FAIL;
    else if (S_ISLNK(sb->st_mode))
        Log(LOG_LEVEL_VERBOSE, "Checking link from '%s' to '%s'", destfile, linkbuf);

        if ((attr.copy.link_type == FILE_LINK_TYPE_ABSOLUTE) && (!IsAbsoluteFileName(linkbuf)))        /* Not absolute path - must fix */
            char vbuff[CF_BUFSIZE];

            strlcpy(vbuff, sourcefile, CF_BUFSIZE);
            strncat(vbuff, linkbuf, CF_BUFSIZE - 1);
            strlcpy(linkbuf, vbuff, CF_BUFSIZE);
        strlcpy(linkbuf, sourcefile, CF_BUFSIZE);

    lastnode = ReadLastNode(sourcefile);

    if (MatchRlistItem(ctx, attr.copy.copy_links, lastnode))
        struct stat ssb;

        ExpandLinks(linkbuf, sourcefile, 0);
        Log(LOG_LEVEL_VERBOSE, "Link item in copy '%s' marked for copying from '%s' instead", sourcefile,
        stat(linkbuf, &ssb);
        return CfCopyFile(ctx, linkbuf, destfile, ssb, attr, pp, inode_cache, conn);

    int status;
    switch (attr.copy.link_type)

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.