alpine 3.8
buffer weakness #34

5

Weakness Breakdown


Definition:

Buffer overflows are among the best-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against these vulnerabilities are common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which then stores it in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on the OWASP attack index.

Warning code(s):

Does not check for buffer overflows.

File Name:

apache2/src/httpd-2.4.39/test/test_find.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.8 buffer weakness.

 {
    ;
}

AP_DECLARE(void) ap_unblock_alarms(void)
{
    ;
}

AP_DECLARE(void) ap_log_error(const char *file, int line, int level,
                              const request_rec *r, const char *fmt, ...)
{
    ;
}

int main (void)
{
    apr_pool_t *p;
    char line[512];
    char tok[512];

    p = apr_pool_alloc_init();

    printf("Enter field value to find items within:\n");
    if (!gets(line))
        exit(0);

    printf("Enter search item:\n");
    while (gets(tok)) {
        printf("  [%s] == %s\n", tok, ap_find_list_item(p, line, tok)
                                  ? "Yes" : "No");
        printf("Enter search item:\n");
    }

    exit(0);
} 
