alpine 3.7
buffer weakness #43

5

Weakness Breakdown


Definition:

Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against these vulnerabilities are common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which the program then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on the OWASP attack index.

Warning code(s):

Easily used incorrectly.

File Name:

kbuild/src/kBuild-0.1.9998-pre20131130/src/kmk/w32/pathstuff.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.7 buffer weakness.

             p = ++etok;
        }

    return Path;
}

#if 1 /* bird */
extern void nt_fullpath(const char *pszPath, char *pszFull, size_t cchFull);
#endif

/*
 * Convert to forward slashes. Resolve to full pathname optionally
 */
char *
w32ify(const char *filename, int resolve)
{
    static char w32_path[FILENAME_MAX];
    char *p;

#if 1 /* bird */
    if (resolve) {
        nt_fullpath(filename, w32_path, sizeof(w32_path));
    } else {
        w32_path[0] = '\0';
        strncat(w32_path, filename, sizeof(w32_path));
    }
#else   /* !bird */
    if (resolve) {
        _fullpath(w32_path, filename, sizeof (w32_path));
    } else
        strncpy(w32_path, filename, sizeof (w32_path));
#endif  /* !bird */

    for (p = w32_path; p && *p; p++)
        if (*p == '\\')
            *p = '/';

    return w32_path;
}

char *
getcwd_fs(char* buf, int len)
{
	char *p = getcwd(buf, len);

	if (p) {
		char *q = w32ify(buf, 0);
#if 1  /* bird */
		buf[0] = '\0';
		strncat(buf, q, len); 
