fedora 24
buffer weakness #27

5

Weakness Breakdown


Definition:

Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against these vulnerabilities remain common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which the program then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on the OWASP attack index.

Warning code(s):

Requires maximum length in CHARACTERS, not bytes.

File Name:

Ardour-5.10.0/libs/pbd/msvc/msvc_pbd.cc

Context:

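The trigger point of this particular Fedora 24 buffer weakness is the MultiByteToWideChar call in the code below, which passes sizeof(wpath), a size in bytes, as the output buffer length, where the warning requires a length in characters.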

 //
//	Returns:
//
//    On Success: Pointer to a (heap based) DIR structure
//    On Failure: NULL
//
LIBPBD_API DIR* PBD_APICALLTYPE
opendir (const char *szPath)
{
wchar_t wpath[PATH_MAX+1];
unsigned int rc;
DIR *pDir = 0;

	errno = 0;

	if (!szPath)
		errno = EFAULT;

	if ((!errno) && ('\0' == szPath[0]))
		errno = ENOTDIR;

	// Determine if the given path really is a directory

	if (!errno)
		if (0 == MultiByteToWideChar (CP_UTF8, 0, (LPCSTR)szPath, -1, (LPWSTR)wpath, sizeof(wpath)))
			errno = EFAULT;

	if ((!errno) && ((rc = GetFileAttributesW(wpath)) == -1))
		errno = ENOENT;

	if ((!errno) && (!(rc & FILE_ATTRIBUTE_DIRECTORY)))
		// Error. Entry exists but not a directory. */
		errno = ENOTDIR;

	if (!errno)
	{
		// Allocate enough memory to store DIR structure, plus
		// the complete directory path originally supplied.
		pDir = (DIR *)malloc(sizeof(DIR) + strlen(szPath) + strlen("\\") + strlen ("*"));

		if (!pDir)
		{
			// Error - out of memory
			errno = ENOMEM;
		}
	}

	if (!errno)
	{
		// Create the search expression 
