fedora 23
buffer weakness #50

5

Weakness Breakdown


Definition:

Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against these vulnerabilities are common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which the program then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows in the OWASP attack index.

Warning code(s):

Easily used incorrectly.

File Name:

fpm2-0.79/src/fpm_gpw.c

Context:

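The highlighted line of code below is the trigger point of this particular Fedora 23 buffer weakness. (The highlighting is not preserved in this listing; the warning most plausibly refers to the strncpy/strncat calls that build gpw_chars. The third argument of strncat limits how many characters are appended, not the total size of the destination. A bound of GPW_CHAR_BUFFER-1 on every call therefore protects the buffer only if it is large enough for all the character sets combined. The usual form is the destination size minus the current length of the destination minus 1.)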

 			gboolean	use_num,
			gboolean	use_sym,
			gboolean	no_amb)
/* This routine sets what types of characters can be used in
 * generated passwords */
{
  const gchar chars_lcase1[] = "abcdefghijkmnpqrstuvwxyz";
  const gchar chars_lcase2[] = "lo";
  const gchar chars_ucase1[] = "ABCDEFHJKLMNPQRSTUVWXYZ";
  const gchar chars_ucase2[] = "IOG";
  const gchar chars_num1[] = "2345789";
  const gchar chars_num2[] = "016";
  const gchar chars_sym1[] = "!@#$ %&*()+=/{}[]:;<>";
  const gchar chars_sym2[] = "_-|,.''~^";


  gpw_len=pw_len;
  gpw_use_lcase=use_lcase;
  gpw_use_ucase=use_ucase;
  gpw_use_num=use_num;
  gpw_use_sym=use_sym;
  gpw_no_amb=no_amb;

  strncpy(gpw_chars, "", GPW_CHAR_BUFFER);
  if (gpw_use_lcase) strncat(gpw_chars, chars_lcase1, GPW_CHAR_BUFFER-1);
  if (gpw_use_ucase) strncat(gpw_chars, chars_ucase1, GPW_CHAR_BUFFER-1);
  if (gpw_use_num) strncat(gpw_chars, chars_num1, GPW_CHAR_BUFFER-1);
  if (gpw_use_sym) strncat(gpw_chars, chars_sym1, GPW_CHAR_BUFFER-1);
  if (!no_amb)
  {
    if (gpw_use_lcase) strncat(gpw_chars, chars_lcase2, GPW_CHAR_BUFFER-1);
    if (gpw_use_ucase) strncat(gpw_chars, chars_ucase2, GPW_CHAR_BUFFER-1);
    if (gpw_use_num) strncat(gpw_chars, chars_num2, GPW_CHAR_BUFFER-1);
    if (gpw_use_sym) strncat(gpw_chars, chars_sym2, GPW_CHAR_BUFFER-1);
  }

  gpw_num_chars = strlen(gpw_chars);
}

/* Report whether the check button called check_name in window win is
 * currently active.
 *
 * The widget is resolved with lookup_widget(win, check_name) and its
 * toggle state is returned as reported by gtk_toggle_button_get_active().
 *
 * NOTE(review): the lookup result is used without a NULL check; confirm
 * that lookup_widget cannot fail for the names callers pass in. */
static gboolean
fpm_gpw_get_check_button_value(GtkWidget* win, gchar* check_name)
{
  GtkWidget* button = lookup_widget(win, check_name);

  return gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(button));
}

static void
fpm_gpw_set_check_button_value(	GtkWidget* win,	
				gchar* check_name, 
