centos 6
buffer weakness #35


Weakness Breakdown


Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against these vulnerabilities remain common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which the program then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on the OWASP attack index.

Warning code(s):

Easily used incorrectly.

File Name:



The highlighted line of code below is the trigger point of this particular CentOS 6 buffer weakness.

	char addrbuf[INET6_ADDRSTRLEN];
	static char exename[PATH_MAX*2]="";
	char commname[PATH_MAX*2];
	char ttyname[TTY_PATH];
	const char *success;
	int ret;

	if (audit_fd < 0)
		return 0;

	if (result)
		success = "success";
	else
		success = "failed";

	/* If hostname is empty string, make it NULL ptr */
	if (hostname && *hostname == 0)
		hostname = NULL;
	addrbuf[0] = 0;
	if (addr == NULL || strlen(addr) == 0)
		_resolve_addr(addrbuf, hostname);
	else
		strncat(addrbuf, addr, sizeof(addrbuf)-1);
	if (exename[0] == 0)
		_get_exename(exename, sizeof(exename));
	if (tty == NULL) 
		tty = _get_tty(ttyname, TTY_PATH);
	else if (*tty == 0)
		tty = NULL;

	_get_commname(comm, commname, sizeof(commname));

	snprintf(buf, sizeof(buf),
		"%s comm=%s exe=%s hostname=%s addr=%s terminal=%s res=%s",
		message, commname, exename,
		hostname ? hostname : "?",
		addrbuf,
		tty ? tty : "?",
		success);

	errno = 0;
	ret = audit_send_user_message( audit_fd, type, HIDE_IT, buf );
	if ((ret < 1) && errno == 0)
		errno = ret;
	return ret;
