Fedora 23
buffer weakness #4

5

Weakness Breakdown


Definition:

Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against these vulnerabilities are common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which the program then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on the OWASP attack index.

Warning code(s):

Does not check for buffer overflows.

File Name:

dl_class_1.9/utility/decrypt.c

Context:

The highlighted line of code below is the trigger point of this particular Fedora 23 buffer weakness.

  if(uni<0.0)uni+=1.0;
  u[ir]=uni;
  ir--;
  if(ir<0)ir=96;
  jr--;
  if(jr<0)jr=96;
  ww-=cd;
  if(ww<0.0)ww+=cm;
  uni-=ww;
  if(uni<0.0)uni+=1.0;
  return uni;
}

main(int  argc, char *argv[])
{ 
  char fname[100],ename[100];
  FILE *fpi,*fpo,*fopen();
  int kkk[1000];
  int i,j,k,c,n;
  if(argc == 1)
    {
      printf("\nEnter the password: ");
      gets(key);
      printf("\nEnter the file name for decryption: ");
      gets(fname);
    }
  else
    {
      strcpy(key,argv[1]);
      strcpy(fname,argv[2]);
    }
  n=1000;
  setrnd();
  for(i=0;i<n;i++)
    kkk[i]=(int)(256.0*randum());
  strcpy(ename,fname);
  ename[strlen(fname)-1]='z';
  printf("\nThe output file will be named: %s\n",ename);
  if((fpi=fopen(fname,"r"))==NULL)
    {
      printf("\nError - file %s not found",fname);
      exit(1);
    }      
  if((fpo=fopen(ename,"w"))==NULL)
    {
      printf("\nError - file %s not opened",ename);
      exit(1);
    }
  j=0;
  while((c = getc(fpi)) != EOF) 
