alpine 3.8
buffer weakness #33

5

Weakness Breakdown


Definition:

Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against them remain common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which the program then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on the OWASP attack index.

Warning code(s):

Easily used incorrectly.

File Name:

gnokii/src/gnokii-0.6.31/common/phones/nk6100.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.8 buffer weakness.

 					strcat(data->revision, ", SW ");
					strncat(data->revision, aux,
						aux2 - aux);
				} else {
					snprintf(data->revision, aux2 - aux + 4,
						 "SW %s", aux);
				}
				dprintf("Received %s\n", data->revision);
			}
			aux = strchr(message + 5, 0x0a);
			aux++;
			aux = strchr(aux, 0x0a);
			aux++;
			if (data->model) {
				aux2 = strchr(aux, 0x0a);
				*aux2 = 0;
				snprintf(data->model, GN_MODEL_MAX_LENGTH, "%s", aux);
				dprintf("Received model %s\n", data->model);
			}
			break;
		case 0x05:
			if (data->revision) {
				if (data->revision[0]) {
					strcat(data->revision, ", HW ");
					strncat(data->revision, message + 5,
						GN_REVISION_MAX_LENGTH);
				} else {
					snprintf(data->revision, GN_REVISION_MAX_LENGTH,
						 "HW %s", message + 5);
				}
				dprintf("Received %s\n", data->revision);
			}
			break;
		default:
			return GN_ERR_NOTIMPLEMENTED;
		}
		break;

	default:
		return pnok_security_incoming(messagetype, message, length, data, state);
	}

	return GN_ERR_NONE;
}

static gn_error GetActiveCalls1(gn_data *data, struct gn_statemachine *state)
{
	char req[] = {FBUS_FRAME_HEADER, 0x20};

	if (!data->call_active) return GN_ERR_INTERNALERROR; 
