Fedora 23
Buffer weakness #58

5

Weakness Breakdown


Definition:

Buffer overflows are among the best-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against these vulnerabilities are common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which the program then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows in the OWASP attack index.

Warning code(s):

Does not check for buffer overflows.

File Name:

ftplib-3.1-1/old/ftpsend.c

Context:

The highlighted line of code below is the trigger point of this particular Fedora 23 buffer weakness.

int ftpsend(char *host, char *user, char *pass, char *root, char mode)
{
    char fnm[256];

    if (!ftpOpen(host))
    {
	fprintf(stderr,"Unable to connect to node %s\n%s",host,ftplib_lastresp);
	return 0;
    }
    if (!ftpLogin(user,pass))
    {
	fprintf(stderr,"Login failure\n%s",ftplib_lastresp);
	return 0;
    }
    if (root)
    {
	if (!ftpChdir(root))
	{
	    fprintf(stderr,"Chdir failed\n%s",ftplib_lastresp);
	    return 0;
	}
    }
    if (!ftpSite("umask 022"))
	fprintf(stderr,"umask command failed\n");
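    /* Flagged line: gets() takes no length argument, so a line longer
       than the 256-byte fnm buffer is written past its end. */
    while (gets(fnm) != NULL)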
    {
	struct stat info;
	if (stat(fnm,&info) == -1)
	    perror(fnm);
	else
	{
	    if (S_ISDIR(info.st_mode))
	    {
		if (!ftpMkdir(fnm))
		    fprintf(stderr,"mkdir %s failed\n%s",fnm,ftplib_lastresp);
		else
		    if (ftplib_debug > 1)
			fprintf(stderr,"Directory %s created\n",fnm);
	    }
	    else
	    {
		if (!ftpPut(fnm,fnm,mode))
		    fprintf(stderr,"Put of %s failed\n%s",fnm,ftplib_lastresp);
		else
		    if (ftplib_debug > 1)
			fprintf(stderr,"File %s sent\n",fnm);
	    }
	}
    }
    ftpQuit();