fedora 23
buffer weakness #33

5

Weakness Breakdown

Definition:

Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against these vulnerabilities remain common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which the program then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on the OWASP attack index.

Warning code(s):

Does not check for buffer overflows.

File Name:

glob2-0.9.4.4/src/EntityType.cpp

Context:

The highlighted line of code below is the trigger point of this particular Fedora 23 buffer weakness.

	Uint32 *startData;
	getVars(&size, &startData);
	for (size_t i=0;i<size;i++)
	{
		std::ostringstream oss;
		oss << "entitytype" << i;
		startData[i] = stream->readUint32(oss.str().c_str());
	}
}

bool EntityType::loadText(GAGCore::InputStream *stream)
{
	char temp[256];
	char *token;
	char *varname;
	int val;

	size_t varSize;
	Uint32 *startData;
	const char **tab=getVars(&varSize, &startData);

	assert(stream);
	while (true)
	{
		if (!Utilities::gets(temp, 256, stream))
			return false;
		if (temp[0]=='*')
			return true;
		token=strtok(temp," \t\n\r=;");
		if ((!token) || (strcmp(token,"//")==0))
			continue;
		varname=token;
		token=strtok(NULL," \t\n\r=;");
		if (token)
			val=atoi(token);
		else
			val=0;

		for (size_t i=0; i<varSize; i++)
			if (strcmp(tab[i],varname)==0)
			{
				*(startData+i)=val;
				break;
			}
	}
}

void EntityType::save(GAGCore::OutputStream *stream)
{
	size_t size;
