alpine 3.8
buffer weakness #20

5

Weakness Breakdown


Definition:

Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against these vulnerabilities are common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which the program then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on the OWASP attack index.

Warning code(s):

Easily used incorrectly.

File Name:

bacula/src/bacula-9.0.5/src/qt-console/tray-monitor/runjob.cpp

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.8 buffer weakness.

    if (p && *p) {
      pm_strcpy(info, p);      
      p = ui.levelCombo->currentText().toUtf8().data();
      if (p && *p) {
         task *t = new task();
         pm_strcpy(level, p);
         connect(t, SIGNAL(done(task *)), this, SLOT(jobInfo(task *)), Qt::QueuedConnection);
         t->arg = info.c_str();    // Jobname
         t->arg2 = level.c_str();  // Level
         t->init(res, TASK_INFO);
         res->wrk->queue(t);
      }
   }
}

void RunJob::jobInfo(task *t)
{
   char ed1[50];
   res->mutex->lock();
   if (res->infos.CorrNbJob == 0) {
      ui.boxEstimate->setVisible(false);
   } else {
      QString t;
      edit_uint64_with_suffix(res->infos.JobBytes, ed1);
      strncat(ed1, "B", sizeof(ed1));
      ui.labelJobBytes->setText(QString(ed1));
      ui.labelJobFiles->setText(QString(edit_uint64_with_commas(res->infos.JobFiles, ed1)));
      ui.labelJobLevel->setText(QString(job_level_to_str(res->infos.JobLevel)));
      t = tr("Computed over %1 job%2, the correlation is %3/100.").arg(res->infos.CorrNbJob).arg(res->infos.CorrNbJob>1?"s":"").arg(res->infos.CorrJobBytes);
      ui.labelJobBytes_2->setToolTip(t);
      t = tr("Computed over %1 job%2, The correlation is %3/100.").arg(res->infos.CorrNbJob).arg(res->infos.CorrNbJob>1?"s":"").arg(res->infos.CorrJobFiles);
      ui.labelJobFiles_2->setToolTip(t);
      ui.boxEstimate->setVisible(true);
   }
   res->mutex->unlock();
   t->deleteLater();
}

static void set_combo(QComboBox *dest, char *str)
{
   if (str) {
      int idx = dest->findText(QString(str), Qt::MatchExactly);
      if (idx >= 0) {
         dest->setCurrentIndex(idx);
      }
   }
}

void RunJob::fill_defaults(task *t)
{ 
