fedora 24
buffer weakness #20

5

Weakness Breakdown


Definition:

Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against these vulnerabilities remain common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which the program then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows in the OWASP attack index.

Warning code(s):

Does not check for buffer overflows.

File Name:

CoinUtils-2.10.11/src/CoinFileIO.hpp

Context:

The highlighted line of code below is the trigger point of this particular Fedora 24 buffer weakness.

  static CoinFileInput *create (const std::string &fileName);

  /// Constructor (don't use this, use the create method instead).
  /// @param fileName The name of the file used by this object.
  CoinFileInput (const std::string &fileName);

  /// Destructor.
  virtual ~CoinFileInput ();

  /// Read a block of data from the file, similar to fread.
  /// @param buffer Address of a buffer to store the data into.
  /// @param size Number of bytes to read (buffer should be large enough).
  /// @return Number of bytes read.
  virtual int read (void *buffer, int size) = 0;

  /// Reads up to (size-1) characters and stores them into the buffer,
  /// similar to fgets.
  /// Reading ends when EOF or a newline occurs or (size-1) characters have
  /// been read. The resulting string is terminated with '\0'. If reading
  /// ends due to an encountered newline, the '\n' is put into the buffer
  /// before the '\0' is appended.
  /// @param buffer The buffer to put the string into.
  /// @param size The size of the buffer in characters.
  /// @return buffer on success, or 0 if no characters have been read.
  virtual char *gets (char *buffer, int size) = 0;
};

/// Abstract base class for file output classes.
class CoinFileOutput: public CoinFileIOBase
{
public:

  /// The compression method.
  enum Compression { 
    COMPRESS_NONE = 0, ///< No compression.
    COMPRESS_GZIP = 1, ///< gzip compression.
    COMPRESS_BZIP2 = 2 ///< bzip2 compression.
  };

  /// Returns whether the specified compression method is supported 
  /// (i.e. was compiled into COIN).
  static bool compressionSupported (Compression compression);

  /// Factory method, that creates a CoinFileOutput (more precisely
  /// a subclass of it) for the file specified. If the compression method
  /// is not supported an exception is thrown (so use compressionSupported
  /// first, if this is a problem). The reason for not providing direct 
  /// access to the subclasses (and using such a method instead) is that
  /// depending on the build configuration some of the classes are not 
  /// available (or functional). This way we can handle all required ifdefs 
