alpine 3.8
buffer weakness #37

5

Weakness Breakdown

Definition:

Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against these vulnerabilities remain common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which the program then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on the OWASP attack index.

Warning code(s):

Does not check for buffer overflows.

File Name:

aria2/src/aria2-1.34.0/src/IOFile.h

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.8 buffer weakness.

#include <string>
#include <iosfwd>

namespace aria2 {

// This is a wrapper base class intended to provide
// fopen/fclose/fread/fwrite/fgets functionality.
class IOFile : public OutputFile {
private:
  typedef void (IOFile::*unspecified_bool_type)() const;
  void goodState() const {}

public:
  IOFile() {}
  virtual ~IOFile() = default;
  // Returns true if file is opened and ferror returns 0. Otherwise
  // returns false.
  operator unspecified_bool_type() const;
  // wrapper for fread. Using 1 for 2nd argument of fread.
  size_t read(void* ptr, size_t count);
  // wrapper for fwrite. Using 1 for 2nd argument of fwrite.
  size_t write(const void* ptr, size_t count);
  virtual size_t write(const char* str) CXX11_OVERRIDE;
  // wrapper for fgets
  char* gets(char* s, int size);
  // wrapper for fgets, but trailing '\n' is replaced with '\0'.
  char* getsn(char* s, int size);
  // Reads one line and returns it. The last '\n' is removed.
  std::string getLine();
  // wrapper for fclose
  int close();
  // wrapper for fflush
  int flush() CXX11_OVERRIDE;
  // Return true if file is opened && feof(fp_) != 0. Otherwise
  // returns false.
  bool eof();
  // Returns true if file supports ANSI color escape codes.
  bool supportsColor() CXX11_OVERRIDE;
  // Convenient method. Read data to end of file and write them into
  // given stream. Returns written size.
  size_t transfer(std::ostream& out);
  int vprintf(const char* format, va_list va) CXX11_OVERRIDE;
  // Mode for reading
  static const char READ[];
  // Mode for writing
  static const char WRITE[];
  // Mode for append
  static const char APPEND[];

protected: 