fedora 23
buffer weakness #48

5

Weakness Breakdown


Definition:

Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against these vulnerabilities are common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which the program then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on the OWASP attack index.

Warning code(s):

Easily used incorrectly.

File Name:

garden-1.0.9/src/main.c

Context:

The highlighted line of code below is the trigger point of this particular Fedora 23 buffer weakness.

 	Normally this will prevent highscores and key configurations being saved, but the following code puts the
	initfile in a better place. This may be a default on some systems (eg Unixes and possibly Windows Vista)
	and can be set on some other systems.

	The only problem with this is that you'll have to manually type or copy the various other options (windowed,
	vsync, joystick buttons etc) into the initfile in this new location (or just copy the initfile across).

	Thanks to Thomas Harte for this code! I had no idea it was necessary (it isn't on my Windows XP computer, and
	I haven't tested it).

	*/
	char filename_buffer [DATADIR_SIZE];
	strncpy(filename_buffer, data_directory, sizeof(filename_buffer));
	strncat(filename_buffer, "init.txt", sizeof(filename_buffer));
	if (access(filename_buffer, W_OK) == 0)
	{/*We can write the init file*/
		set_config_file(filename_buffer);
	}
	else
	{/*We can not write the init where it is*/
		char right_path[512];
		const char * unix_path = getenv("HOME");
		const char * vista_path = getenv("APPDATA");
		strncpy(right_path, (unix_path != NULL ? unix_path : vista_path), sizeof(right_path) );
		strncat(right_path, "/.garden", sizeof(right_path) );
		if (access(right_path, R_OK) != 0 ) /* we have to mkdir */
		{
			/* platform-specific function, see system.h*/
			MKDIR(right_path);
		}
		strncat(right_path, "/init.txt", sizeof(right_path) );
		if (access(right_path, R_OK) != 0 )
		{
			char buffer[128];
			int bytes_read;
			FILE * unwritable_file = fopen(filename_buffer, "r");
			FILE * init_file = fopen(right_path, "w");
			while (bytes_read = fread(buffer, 1, sizeof(buffer), unwritable_file) )
				fwrite ( buffer, 1, bytes_read, init_file );
			fclose(init_file);
			fclose(unwritable_file);
		}
		set_config_file(right_path);
	}
	/*#ifdef UNIX_OSX_VISTA_ETC

	   {

	     char *HPath = getenv("HOME");
 
