Fedora 23 buffer weakness #43

5

Weakness Breakdown


Definition:

Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against these vulnerabilities remain common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which the program then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on the OWASP attack index.

Warning code(s):

Easily used incorrectly.

File Name:

fastd-18/src/iface.c

Context:

The highlighted line of code below is the trigger point of this particular Fedora 23 buffer weakness.

	char dev_name[5+IFNAMSIZ] = "/dev/";
	const char *type;

	switch (get_iface_type()) {
	case IFACE_TYPE_TAP:
		type = "tap";
		break;

	case IFACE_TYPE_TUN:
		type = "tun";
		break;

	default:
		exit_bug("invalid mode");
	}

	iface->cleanup = true;

	if (ifname) {
		if (strlen(ifname) <= 3 || strncmp(ifname, type, 3) != 0) {
			pr_error("Invalid %s interface '%s'", type, ifname);
			return false;
		}

		strncat(dev_name, ifname, IFNAMSIZ-1);

		if (if_nametoindex(ifname))
			iface->cleanup = false;
	}
	else {
		strncat(dev_name, type, IFNAMSIZ-1);
	}

	iface->fd = FASTD_POLL_FD(POLL_TYPE_IFACE, open(dev_name, O_RDWR|O_NONBLOCK));
	if (iface->fd.fd < 0) {
		pr_error_errno("could not open TUN/TAP device file");
		return false;
	}

	if (!(iface->name = fdevname_r(iface->fd.fd, fastd_alloc(IFNAMSIZ), IFNAMSIZ)))
		exit_errno("could not get TUN/TAP interface name");

	switch (get_iface_type()) {
	case IFACE_TYPE_TAP:
		if (!setup_tap(iface, mtu))
			return false;
		break;

	case IFACE_TYPE_TUN:
		if (!setup_tun(iface, mtu)) 
