Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks that exploit them remain common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which the program then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on the OWASP attack index.
Easily used incorrectly.
pcsc-cyberjack/src/pcsc-cyberjack-3.99.5final.SP13/libcyberjack/libdialog/dialog.c
The highlighted line of code below is the trigger point of this particular Alpine 3.9 buffer weakness.
        u_tmp_p->ut_user[0]!=0)
      break;
  }
  if (u_tmp_p==NULL) {
    DEBUGPE("RSCT: No user logged in at XServer :0 (%s (%d))\n", strerror(errno), errno);
    endutent();
    return -1;
  }
  pw=getpwnam(u_tmp_p->ut_user);
  if (pw==NULL) {
    DEBUGPE("RSCT: Could not get home folder for user [%s]: %s (%d)\n",
            u_tmp_p->ut_user, strerror(errno), errno);
    endutent();
    return -1;
  }
  if (pw->pw_dir==NULL || *(pw->pw_dir)==0) {
    DEBUGPE("RSCT: User [%s] has no home folder\n", u_tmp_p->ut_user);
    endutent();
    return -1;
  }
  strncpy(buffer, pw->pw_dir, sizeof(buffer)-1);
  strncat(buffer, "/.cyberJack_gui_sock", sizeof(buffer)-1);
  endutent();
  sk=rsct_net_connect_by_path(buffer);
  if (sk==-1) {
    DEBUGPE("RSCT: Could not connect to [%s]: %s (%d)\n",
            buffer, strerror(errno), errno);
    return -1;
  }
  return sk;
}
#endif

RSCT_DIALOG *rsct_dialog_new(const char *title, int stages,
                             uint8_t cla, uint8_t ins,
                             int keyTimeout,
                             const char *textStage0,
                             const char *textStage1,
                             const char *textStage2){
  RSCT_DIALOG *dlg;
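
The strncpy/strncat pair in the excerpt above passes sizeof(buffer)-1 to both calls, but strncat's third argument limits only the bytes appended, not the total length of the destination. The C code below is an added example, not code from pcsc-cyberjack: it counts what the pair writes and shows a bounded alternative that rejects a path that does not fit. The helper names bytes_written_by_pair and build_sock_path are hypothetical, and the 32-byte buffer and home directory are constructed sample values.

```c
#include <stdio.h>
#include <string.h>

#define SOCK_SUFFIX "/.cyberJack_gui_sock"

/* Bytes the strncpy + strncat pair writes into a buffer of bufsz bytes,
 * assuming the buffer is NUL-terminated after strncpy (not shown on the page). */
size_t bytes_written_by_pair(size_t bufsz, const char *home)
{
  size_t limit = bufsz ? bufsz - 1 : 0;
  size_t copied = strlen(home);
  size_t appended = strlen(SOCK_SUFFIX);

  if (copied > limit)
    copied = limit;          /* strncpy(buffer, home, bufsz-1) */
  if (appended > limit)
    appended = limit;        /* strncat bounds only the appended bytes */
  return copied + appended + 1;  /* +1: strncat always writes a NUL */
}

/* Hypothetical bounded replacement: 0 on success, -1 if the path does not fit.
 * out is always NUL-terminated when outsz > 0. */
int build_sock_path(char *out, size_t outsz, const char *home)
{
  int n;

  if (out == NULL || outsz == 0)
    return -1;
  out[0] = 0;
  if (home == NULL || *home == 0)
    return -1;
  n = snprintf(out, outsz, "%s%s", home, SOCK_SUFFIX);  /* bounds the total */
  if (n < 0 || (size_t)n >= outsz) {
    out[0] = 0;              /* reject a truncated path, do not connect to it */
    return -1;
  }
  return 0;
}

int main(void)
{
  const char *home = "/home/constructeduser";  /* constructed sample value */
  char path[32];                               /* constructed buffer size */

  printf("pair writes %zu bytes into %zu\n",
         bytes_written_by_pair(sizeof(path), home), sizeof(path));
  printf("bounded build returns %d\n", build_sock_path(path, sizeof(path), home));
  return 0;
}
```

Whenever bytes_written_by_pair returns more than the buffer size, the original pair writes past the end of the buffer; build_sock_path fails closed in the same case.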