alpine 3.8
buffer weakness #8

5

Weakness Breakdown


Definition:

Buffer overflows are among the best-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against them remain common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which the program then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows in the OWASP attack index.

Warning code(s):

Does not check for buffer overflows.

File Name:

hylafaxplus/src/hylafax-7.0.0/util/ModemExt.c++

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.8 buffer weakness.

  * ANY SPECIAL, INCIDENTAL, INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND,
 * OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
 * WHETHER OR NOT ADVISED OF THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF 
 * LIABILITY, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE 
 * OF THIS SOFTWARE.
 */
#include "ModemExt.h"
#include "StackBuffer.h"

ModemExt::ModemExt() {}
ModemExt::~ModemExt() {}

inline void
gets(fxStr& s, const char*& cp)
{
    s = cp;
    cp += s.length()+1;
}

const char*
ModemExt::decode(const char* cp)
{
    gets(devID, cp);
    gets(number, cp);
    gets(commid, cp);

    state = cp[0];
    canpoll = (cp[1] == 'P');
    u_int v;
    memcpy(&v, cp+2, sizeof (u_int));
    caps.decodeCaps(v);
    memcpy(&priority, cp+2+sizeof (v), sizeof (u_short));
    return (cp + 2 + sizeof (u_int) + sizeof (u_short));
} 
