alpine 3.9
buffer weakness #1

5

Weakness Breakdown


Definition:

Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against them remain common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which the program then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on the OWASP attack index.

Warning code(s):

Easily used incorrectly.

File Name:

gross/src/gross-1.0.2/src/gross.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.9 buffer weakness.

 	ctx->dnsbl = NULL;
	ctx->dnswl = NULL;
	ctx->rhsbl = NULL;
#endif /* DNSBL */

	return ctx;
}

void
configure_grossd(configlist_t *config)
{
	int ret;
	configlist_t *cp;
	const char *updatestr;
	struct hostent *host = NULL;
	char buffer[MAXLINELEN] = { '\0' };
	params_t *pp;

	cp = config;
	if (ctx->config.flags & (FLG_NODAEMON))
		while (cp) {
			pp = cp->params;
			*buffer = '\0';
			while (pp) {
				strncat(buffer, " ; ", MAXLINELEN - 1);
				strncat(buffer, pp->value, MAXLINELEN - 1);
				pp = pp->next;
			}
			logstr(GLOG_DEBUG, "config: %s = %s%s", cp->name, cp->value, buffer);
			cp = cp->next;
		}
#ifdef USE_SEM_OPEN
	ret = sem_unlink("sem_sync");
	if (ret == -1 && errno == EACCES)
		daemon_fatal("sem_unlink");
	ctx->sync_guard = sem_open("sem_sync", O_CREAT | O_EXCL, S_IRUSR | S_IWUSR, 1);
	if (ctx->sync_guard == (sem_t *) SEM_FAILED)
		daemon_fatal("sem_open");
#else
	ctx->sync_guard = Malloc(sizeof(sem_t));
	ret = sem_init(ctx->sync_guard, 0, 1);	/* Process local (0), initial count 1. */
	if (ret != 0)
		daemon_fatal("sem_init");
#endif /* USE_SEM_OPEN */

	pthread_mutex_init(&ctx->bloom_guard, NULL);

	pthread_mutex_init(&ctx->config.peer.peer_in_mutex, NULL);

	ctx->config.gross_host.sin_family = AF_INET; 
