centos 7
buffer weakness #5
Weakness Breakdown
Definition:

Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against these vulnerabilities are common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which the program then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on the OWASP attack index.

Warning code(s):

Easily used incorrectly.

File Name:

konkretcmpi-0.9.1/src/konkretreg/main.cpp

Context:

The line of code highlighted below (the strncat call, which is what the "easily used incorrectly" warning refers to) is the trigger point of this particular Centos 7 buffer weakness.

        // Close the file:

        fclose(fp);
    }

    // Search for registration strings:

    // Search for version string.

    const char* p = &data[0];
    size_t n = data.size();
    const char REG[] = "@(#)KONKRET_REGISTRATION=";

    std::vector<Reg> regs;

    while (n >= sizeof(REG)-1)
    {
        if (memcmp(p, REG, sizeof(REG)-1) == 0)
        {
            char buf[4096];

            size_t r = strlen(p) + 1;
            *buf = '\0';
            // Flagged call: strncat's third argument is the number of bytes that
            // may still be appended (space remaining), not the total buffer size.
            // Because buf was emptied on the line above, sizeof(buf)-1 leaves room
            // for the terminating NUL here; the same expression would overflow if
            // buf already held data, which is why the scanner flags the pattern.
            strncat(buf, p + sizeof(REG)-1, sizeof(buf)-1);

            Reg reg;

            // Get nameSpace:

            char* q = strtok(buf, ":");

            if (q)
                reg.nameSpace = q;

            // Get className:

            if (q && (q = strtok(NULL, ":")))
                reg.className = q;

            // Get providerName:

            if (q && (q = strtok(NULL, ":")))
                reg.providerName = q;

            // Get types:

            if (q && (q = strtok(NULL, ":")))
                reg.types = q;