fedora 23
buffer weakness #47


Weakness Breakdown


Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against the vulnerabilities are common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which it then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on OWASP attack index.

Warning code(s):

Easily used incorrectly.

File Name:



The highlighted line of code below is the trigger point of this particular Fedora 23 buffer weakness.

	Thanks to Thomas Harte for this code! I had no idea it was necessary (it isn't on my Windows XP computer, and
	I haven't tested it).

	char filename_buffer [DATADIR_SIZE];
	strncpy(filename_buffer, data_directory, sizeof(filename_buffer));
	strncat(filename_buffer, "init.txt", sizeof(filename_buffer));
	if (access(filename_buffer, W_OK) == 0)
	{/*We can write the init file*/
	{/*We can not write the init where it is*/
		char right_path[512];
		const char * unix_path = getenv("HOME");
		const char * vista_path = getenv("APPDATA");
		strncpy(right_path, (unix_path != NULL ? unix_path : vista_path), sizeof(right_path) );
		strncat(right_path, "/.garden", sizeof(right_path) );
		if (access(right_path, R_OK) != 0 ) /* we have to mkdir */
			/* platform-specific function, see system.h*/
		strncat(right_path, "/init.txt", sizeof(right_path) );
		if (access(right_path, R_OK) != 0 )
			char buffer[128];
			int bytes_read;
			FILE * unwritable_file = fopen(filename_buffer, "r");
			FILE * init_file = fopen(right_path, "w");
			while (bytes_read = fread(buffer, 1, sizeof(buffer), unwritable_file) )
				fwrite ( buffer, 1, bytes_read, init_file );


	     char *HPath = getenv("HOME");

	// use this if for some reason you're running Windows Vista:
	//        char *HPath = getenv("APPDATA");

		 char ConfigPath[2048];

		 sprintf(ConfigPath, "%s/.GardenOfColouredLights", HPath); 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.