fedora 24
buffer weakness #7

5

Weakness Breakdown


Definition:

Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against the vulnerabilities are common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which it then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on OWASP attack index.

Warning code(s):

Does not check for buffer overflows.

File Name:

ascend/disused/compiler/termsetup.c

Context:

The highlighted line of code below is the trigger point of this particular Fedora 24 buffer weakness.

 void TermSetup_ResetTerminal()
{
#ifndef _HPUX_SOURCE
  if (g_terminal_inited){
    if (ioctl(g_filenum,TIOCSETN,&g_new_terminal_settings)==-1)
      InterfaceError();
  }
  else
    SetupTerminal();
  ClearScreen();
#endif  /* ! _HPUX_SOURCE */
}

void ReadString(str,len)
     char *str;
     int *len;
{
  struct sgttyb old,new;
  int filenum;
  filenum = fileno(stdin);
  if (ioctl(filenum,TIOCGETP,&old)==-1) InterfaceError();
  new = old;
  new.sg_flags = (new.sg_flags|ECHO)&(~CBREAK)&(~RAW);
  if (ioctl(filenum,TIOCSETN,&new)==-1) InterfaceError();
  str = gets(str);
  *len = strlen(str);
  if (ioctl(filenum,TIOCSETN,&old)==-1) InterfaceError();
}

#else   /* __WIN32__ */

int OutputChar(char c)
{
  fprintf(stderr,"OutputChar() not implemented in Windows.\n");
  return 0;
}

void DeleteBackOne(void)
{
  fprintf(stderr,"DeleteBackOne() not implemented in Windows.\n");
}

void ClearScreen(void)
{
  fprintf(stderr,"ClearScreen() not implemented in Windows.\n");
}

void Bell(void)
{
  fprintf(stderr,"Bell() not implemented in Windows.\n"); 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.