alpine 3.9
buffer weakness #17

5

Weakness Breakdown


Definition:

Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against the vulnerabilities are common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which it then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on OWASP attack index.

Warning code(s):

Easily used incorrectly.

File Name:

snownews/src/snownews-1.5.12/conversions.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.9 buffer weakness.

 int calcAgeInDays (struct tm * t);

#ifdef STATIC_CONST_ICONV
char * iconvert (const char * inbuf) {
#else
char * iconvert (char * inbuf) {
#endif
	iconv_t cd;							/* Iconvs conversion descriptor. */
	char *outbuf, *outbuf_first;		/* We need two pointers so we do not lose
	                                      the string starting position. */
	char target_charset[64];
	size_t inbytesleft, outbytesleft;

	/*(void)strlcpy(target_charset, nl_langinfo(CODESET), sizeof(target_charset));*/
	strncpy(target_charset, nl_langinfo(CODESET), sizeof(target_charset));
		
	/* Take a shortcut. */
	if (strcasecmp (target_charset, "UTF-8") == 0)
		return strdup(inbuf);
	
	inbytesleft = strlen(inbuf);
	outbytesleft = strlen(inbuf);

	/*(void)strlcat(target_charset, "//TRANSLIT", sizeof(target_charset));*/
	strncat(target_charset, "//TRANSLIT", sizeof(target_charset));

	/* cd = iconv_open(nl_langinfo(CODESET), "UTF-8"); */
	if (forced_target_charset) {
		cd = iconv_open (forced_target_charset, "UTF-8");
	} else {
		cd = iconv_open (target_charset, "UTF-8");
	}
	if (cd == (iconv_t) -1) {
		return NULL;
	}
	
	outbuf = malloc (outbytesleft+1);
	outbuf_first = outbuf;

	if (iconv (cd, &inbuf, &inbytesleft, &outbuf, &outbytesleft) == -1) {
		free(outbuf_first);
		iconv_close(cd);
		return NULL;
	}

	*outbuf = 0;
	
	iconv_close (cd);
	
	return outbuf_first; 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.