alpine 3.9
buffer weakness #32

5

Weakness Breakdown


Definition:

Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against them remain common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which the program then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on the OWASP attack index.

Warning code(s):

Easily used incorrectly.

File Name:

pcsc-cyberjack/src/pcsc-cyberjack-3.99.5final.SP13/cjeca32/ausb/ausb_libusb0.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.9 buffer weakness.

 }



struct usb_device *ausb_libusb0_get_usbdev(const rsct_usbdev_t *d) {
  struct usb_bus *busses, *bus;
  struct usb_device *dev;
  char tname[PATH_MAX+1];
  char filename[PATH_MAX+1];
  int nlen;

  ausb_libusb0_init();

  snprintf(tname, PATH_MAX, "%03d/%03d",
	   d->busId, d->busPos);
  nlen=strlen(tname);

  busses = usb_get_busses();

  for (bus = busses; bus; bus = bus->next) {
    for (dev = bus->devices; dev; dev = dev->next) {
      int flen;

      strncpy(filename, bus->dirname, PATH_MAX );
      strncat(filename, "/", PATH_MAX );
      strncat(filename, dev->filename, PATH_MAX );
      flen=strlen(filename);
      if (flen>=nlen) {
	if (strncmp(filename+(flen-nlen), tname, nlen)==0) {
	  if (dev->descriptor.idVendor == AUSB_CYBERJACK_VENDOR_ID)
	    return dev;
	  else {
	    fprintf(stderr, "RSCT: Device at %s is not a cyberjack\n", filename);
	    return NULL;
	  }
	}
      }
    }
  }
  return NULL;
}


#endif
 
