alpine 3.8
buffer weakness #3

5

Weakness Breakdown


Definition:

Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against these vulnerabilities are common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which the program then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on the OWASP attack index.

Warning code(s):

Easily used incorrectly.

File Name:

gphoto2/src/gphoto2-2.5.15/gphoto2/shell.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.8 buffer weakness.

 			continue;
                }

                slash = strchr (rel_path, '/');
		if (strcmp (rel_path, "") && (slash || !dest_filename)) {

			/*
			 * We need to go down one folder. Append a
			 * trailing slash
			 */
			if (dest_folder[strlen (dest_folder) - 1] != '/')
				strncat (dest_folder, "/", MAX_FOLDER_LEN - strlen(dest_folder) - 1);
		}
                if (slash) {
                        strncat (dest_folder, rel_path,
                                 MIN (MAX_FOLDER_LEN - strlen(dest_folder) - 1, slash - rel_path));
                        rel_path = slash + 1;
                } else {

                        /* Done */
                        if (dest_filename)
                                strncpy (dest_filename, rel_path,
                                         MAX_FILE_LEN);
                        else
				strncat (dest_folder, rel_path, MAX_FILE_LEN);
                        break;
                }
        }

        return (GP_OK);
}

static int
shell_lcd (Camera __unused__ *camera, const char *arg)
{
	char new_cwd[MAX_FOLDER_LEN];
	int arg_count = shell_arg_count (arg);

	if (!arg_count) {
		if (!getenv ("HOME")) {
			cli_error_print (_("Could not find home directory."));
			return (GP_OK);
		}
		strncpy (new_cwd, getenv ("HOME"), sizeof(new_cwd)-1);
		new_cwd[sizeof(new_cwd)-1] = '\0';
	} else
		shell_construct_path (cwd, arg, new_cwd, NULL);

	if (chdir (new_cwd) < 0) {
		cli_error_print (_("Could not change to " 
