fedora 23
buffer weakness #54

5

Weakness Breakdown


Definition:

Buffer overflows are among the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against them remain common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which the program then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on the OWASP attack index.

Warning code(s):

Does not check for buffer overflows.

File Name:

alsa-lib-1.1.1/src/input.c

Context:

The highlighted line of code below is the trigger point of this particular Fedora 23 buffer weakness.

 *   the License, or (at your option) any later version.
 *
 *   This program is distributed in the hope that it will be useful,
 *   but WITHOUT ANY WARRANTY; without even the implied warranty of
 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *   GNU Lesser General Public License for more details.
 *
 *   You should have received a copy of the GNU Lesser General Public
 *   License along with this library; if not, write to the Free Software
 *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA
 *
 */

#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include "local.h"

#ifndef DOC_HIDDEN

typedef struct _snd_input_ops {
	int (*close)(snd_input_t *input);
	int (*scan)(snd_input_t *input, const char *format, va_list args);
	char *(*(gets))(snd_input_t *input, char *str, size_t size);
	int (*getch)(snd_input_t *input);
	int (*ungetch)(snd_input_t *input, int c);
} snd_input_ops_t;

struct _snd_input {
	snd_input_type_t type;
	const snd_input_ops_t *ops;
	void *private_data;
};
#endif

/**
 * \brief Closes an input handle.
 * \param input The input handle to be closed.
 * \return Zero if successful, otherwise a negative error code.
 */
int snd_input_close(snd_input_t *input)
{
	int err = input->ops->close(input);
	free(input);
	return err;
}

/**
 * \brief Reads formatted input (like \c fscanf(3)) from an input handle. 
