centos 7
buffer weakness #18

5

Weakness Breakdown


Definition:

Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against the vulnerabilities are common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which it then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on OWASP attack index.

Warning code(s):

Easily used incorrectly.

File Name:

audit-2.8.4/lib/audit_logging.c

Context:

The highlighted line of code below is the trigger point of this particular Centos 7 buffer weakness.

         if (pgname == NULL) {
		if (exename[0] == 0)
	                _get_exename(exename, sizeof(exename));
        } else if (pgname[0] != '"')
                snprintf(exename, sizeof(exename), "\"%s\"", pgname);
        else
                snprintf(exename, sizeof(exename), "%s", pgname);

	/* Fill in tty if needed */
	if (tty == NULL) 
		tty = _get_tty(ttyname, TTY_PATH);
	else if (*tty == 0)
		tty = NULL;

	/* Get the local name if we have a real tty */
	if (host == NULL && tty)
		host = _get_hostname(tty);

	if (name && id == -1) {
		char user[MAX_USER];
		const char *format;
		size_t len;

		user[0] = 0;
		strncat(user, name, MAX_USER-1);
		len = strnlen(user, UT_NAMESIZE);
		user[len] = 0;
		if (audit_value_needs_encoding(name, len)) {
			audit_encode_value(user, name, len);
			format = 
	     "op=%s acct=%s exe=%s hostname=%s addr=%s terminal=%s res=%s";
		} else
			format = 
	 "op=%s acct=\"%s\" exe=%s hostname=%s addr=%s terminal=%s res=%s";

		snprintf(buf, sizeof(buf), format,
			op, user, exename,
			host ? host : "?",
			addrbuf,
			tty ? tty : "?",
			success
			);
	} else
		snprintf(buf, sizeof(buf),
		"op=%s id=%u exe=%s hostname=%s addr=%s terminal=%s res=%s",
			op, id, exename,
			host ? host : "?",
			addrbuf,
			tty ? tty : "?",
			success 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.