alpine 3.9
format weakness #4


Weakness Breakdown


Definition:

A format string exploit occurs when a program evaluates the data of an input string as a command. This class of attack is very similar to a buffer overflow in that an attacker could execute code, read the stack, or cause new behaviors that compromise security. Learn more about format string attacks in the OWASP attack index.

Warning code(s):

If format strings can be influenced by an attacker, they can be exploited.

File Name:

keyutils/src/keyutils-1.6/key.dns.h

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.9 format weakness.

#define	INET_IP6_ONLY		0x2
#define	INET_ALL		0xFF
#define ONE_ADDR_ONLY		0x100

/*
 * key.dns_resolver.c
 */
extern key_serial_t key;
extern int debug_mode;
extern unsigned mask;

#define N_PAYLOAD 256
extern struct iovec payload[N_PAYLOAD];
extern int payload_index;

extern __attribute__((format(printf, 1, 2), noreturn))
void error(const char *fmt, ...);
extern __attribute__((format(printf, 1, 2)))
void _error(const char *fmt, ...);
extern __attribute__((format(printf, 1, 2)))
void info(const char *fmt, ...);
extern __attribute__((noreturn))
void nsError(int err, const char *domain);
extern void _nsError(int err, const char *domain);
extern __attribute__((format(printf, 1, 2)))
void debug(const char *fmt, ...);

extern void append_address_to_payload(const char *addr);
extern void dump_payload(void);
extern int dns_resolver(const char *server_name, const char *port);

/*
 * dns.afsdb.c
 */
extern __attribute__((noreturn))
void afs_look_up_VL_servers(const char *cell, char *options); 
