centos 6
buffer weakness #31


Weakness Breakdown


Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against the vulnerabilities are common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which it then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on OWASP attack index.

Warning code(s):

Easily used incorrectly.

File Name:



The highlighted line of code below is the trigger point of this particular Centos 6 buffer weakness.


dl_funcptr _PyImport_GetDynLoadFunc(const char *fqname, const char *shortname,
                                    const char *pathname, FILE *fp)
    dl_funcptr p;
    image_id the_id;
    status_t retval;
    char fullpath[PATH_MAX];
    char funcname[258];

    if( Py_VerboseFlag ) {
        printf( "load_add_on( %s )\n", pathname );

    /* Hmm, this old bug appears to have regenerated itself; if the
     * path isn't absolute, load_add_on() will fail.  Reported to Be
     * April 21, 1998.
    if( pathname[0] != '/' ) {
        (void)getcwd( fullpath, PATH_MAX );
        (void)strncat( fullpath, "/", PATH_MAX );
        (void)strncat( fullpath, pathname, PATH_MAX );

        if( Py_VerboseFlag ) {
            printf( "load_add_on( %s )\n", fullpath );
    } else {
        (void)strcpy( fullpath, pathname );

    the_id = load_add_on( fullpath );
    if( the_id < B_NO_ERROR ) {
        /* It's too bad load_add_on() doesn't set errno or something...
        char buff[256];  /* hate hard-coded string sizes... */

        if( Py_VerboseFlag ) {
            printf( "load_add_on( %s ) failed", fullpath );

        if( the_id == B_ERROR )
            PyOS_snprintf( buff, sizeof(buff),
                           "BeOS: Failed to load %.200s",
                           fullpath );
            PyOS_snprintf( buff, sizeof(buff), 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.