centos 7
buffer weakness #9


Weakness Breakdown


Buffer overflows are among the best-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against these vulnerabilities are common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which the program then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on the OWASP attack index.

Warning code(s):

Easily used incorrectly.

File Name:



The highlighted line of code below is the trigger point of this particular CentOS 7 buffer weakness.

 	strcat(buf, "\n");

static void dump_data(unsigned int adx, unsigned int *buf, int len)
{
	char ascii_buffer[17];
	int i, k, j;

	for (i = 0; i < (len / 4);) {
		iprprint("%08X: ", adx+(i*4));

		memset(ascii_buffer, '\0', sizeof(ascii_buffer));

		for (j = 0; i < (len / 4) && j < 4; j++, i++) {
			__iprprint("%08X ", ntohl(buf[i]));
			memcpy(&ascii_buffer[j*4], &buf[i], 4);
			for (k = 0; k < 4; k++) {
				if (!isprint(ascii_buffer[(j*4)+k]))
					ascii_buffer[(j*4)+k] = '.';
			}
		}

		for (;j < 4; j++) {
			__iprprint("         ");
			strncat(ascii_buffer, "....", sizeof(ascii_buffer)-1);
		}

		__iprprint("   |%s|\n", ascii_buffer);
	}
}

static int flit(struct ipr_ioa *ioa, int argc, char *argv[])
	struct ipr_flit flit;
	int rc;

	rc = debug_ioctl(ioa, IPRDBG_FLIT, 0, 0, (unsigned int *)&flit, sizeof(flit));

	if (!rc)

	return rc;

static int speeds(struct ipr_ioa *ioa, int argc, char *argv[])
	unsigned int length = 64;
	unsigned int *buffer = calloc(length/4, 4);
	unsigned int adx, bus_speed;
	int num_buses, bus, i, j, rc; 
