alpine 3.9
buffer weakness #14

5

Weakness Breakdown

Definition:

Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what a buffer overflow is, attacks against this class of weakness remain common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which the program then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on the OWASP attack index.

Warning code(s):

Easily used incorrectly.

File Name:

xbindkeys/src/xbindkeys-1.8.6/options.c

Context:

The code excerpt below shows the context around the trigger point of this particular Alpine 3.9 buffer weakness (the line highlighted in the original report is not preserved in this text rendering).

 	  show_help ();
	  exit (1);
	}
    }

  if (strcmp (rc_file, "") == 0)
    {
      home = getenv ("HOME");

      if (rc_file != NULL)
	{
	  strncpy (rc_file, home, sizeof (rc_file) - 20);
	  strncat (rc_file, "/.xbindkeysrc", sizeof (rc_file));
	}
    }

#ifdef GUILE_FLAG
  if (strcmp (rc_guile_file, "") == 0)
    {
      home = getenv ("HOME");

      if (rc_guile_file != NULL)
	{
	  strncpy (rc_guile_file, home, sizeof (rc_guile_file) - 20);
	  strncat (rc_guile_file, "/.xbindkeysrc.scm", sizeof (rc_guile_file));
	}
    }
#endif
}

void
show_options (void)
{
  if (verbose)
    {
      printf ("displayName = %s\n", display_name);
      printf ("rc file = %s\n", rc_file);
#ifdef GUILE_FLAG
      printf ("rc guile file = %s\n", rc_guile_file);
#endif
    }
}


static void
show_version (void)
{
  fprintf (stderr, "xbindkeys %s by Philippe Brochard\n", PACKAGE_VERSION);
}