Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against the vulnerabilities are common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which it then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on OWASP attack index.
The highlighted line of code below is the trigger point of this particular Centos 7 buffer weakness.
# if !@HAVE_DECL_GETLINE@ _GL_FUNCDECL_SYS (getline, ssize_t, (char **lineptr, size_t *linesize, FILE *stream) _GL_ARG_NONNULL ((1, 2, 3))); # endif _GL_CXXALIAS_SYS (getline, ssize_t, (char **lineptr, size_t *linesize, FILE *stream)); # endif # if @HAVE_DECL_GETLINE@ _GL_CXXALIASWARN (getline); # endif #elif defined GNULIB_POSIXCHECK # undef getline # if HAVE_RAW_DECL_GETLINE _GL_WARN_ON_USE (getline, "getline is unportable - " "use gnulib module getline for portability"); # endif #endif /* It is very rare that the developer ever has full control of stdin, so any use of gets warrants an unconditional warning; besides, C11 removed it. */ #undef gets #if HAVE_RAW_DECL_GETS _GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead"); #endif #if @GNULIB_OBSTACK_PRINTF@ || @GNULIB_OBSTACK_PRINTF_POSIX@ struct obstack; /* Grow an obstack with formatted output. Return the number of bytes added to OBS. No trailing nul byte is added, and the object should be closed with obstack_finish before use. Upon memory allocation error, call obstack_alloc_failed_handler. Upon other error, return -1. */ # if @REPLACE_OBSTACK_PRINTF@ # if !(defined __cplusplus && defined GNULIB_NAMESPACE) # define obstack_printf rpl_obstack_printf # endif _GL_FUNCDECL_RPL (obstack_printf, int, (struct obstack *obs, const char *format, ...) _GL_ATTRIBUTE_FORMAT_PRINTF (2, 3) _GL_ARG_NONNULL ((1, 2))); _GL_CXXALIAS_RPL (obstack_printf, int, (struct obstack *obs, const char *format, ...)); # else # if !@HAVE_DECL_OBSTACK_PRINTF@ _GL_FUNCDECL_SYS (obstack_printf, int, (struct obstack *obs, const char *format, ...) _GL_ATTRIBUTE_FORMAT_PRINTF (2, 3)