Fedora 24
Buffer weakness #38

5

Weakness Breakdown


Definition:

Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against these vulnerabilities are common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which the program then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on the OWASP attack index.

Warning code(s):

Does not check for buffer overflows.

File Name:

allegro-4.4.2/misc/vcvars.c

Context:

The highlighted line of code below is the trigger point of this particular Fedora 24 buffer weakness.

 	 strcat(data, "\\bin\\vcvars32.bat");

	 if (access(data, 4) == 0) {
	    printf("Found %s\n", data);
	    break;
	 }
      }

      data[0] = 0;
   }

   /* oh dear, have to ask the user where they put it */
   if (!data[0]) {
      printf("\n  Unable to find MSVC ProductDir information in your registry!\n\n");
      printf("  To install Allegro, I need to know the path where your compiler is\n");
      printf("  installed. Somewhere in your MSVC installation directory there will\n");
      printf("  be a file called vcvars32.bat, which contains this information.\n");
      printf("  Please enter the full path to where I can find that file, for example\n");
      printf("  c:\\Program Files\\Microsoft Visual Studio\\VC98\\bin\\vcvars32.bat\n");

      for (;;) {
	 printf("\n> ");
	 fflush(stdout);

	 if (gets(data)) {
	    i = strlen(data) - 12;
	    if (i < 0)
	       i = 0;

	    if (stricmp(data+i, "vcvars32.bat") != 0)
	       printf("\nError: that path doesn't end in vcvars32.bat!\n");
	    else if (access(data, 4) != 0)
	       printf("\nError: can't find a vcvars32.bat file there!\n");
	    else {
	       printf("\nUsing %s\n", data);
	       break;
	    }
	 }

	 data[0] = 0;
      }
   }

   /* put it in the environment */
   strcpy(name, "VCVARS=");
   strcat(name, data);

   putenv(name);
}
 
