Fedora 24
Buffer weakness #28

5

Weakness Breakdown


Definition:

Buffer overflows are among the best-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against these vulnerabilities remain common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which the program then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on the OWASP attack index.

Warning code(s):

Easily used incorrectly.

File Name:

dump-0.4b46/restore/xattr.c

Context:

The highlighted line of code below is the trigger point of this particular Fedora 24 buffer weakness.

 		}

#ifdef TRANSSELINUX			/*GAN6May06 SELinux MLS */
		if (convertcon  &&  strcmp(name, "security.selinux"))
			convertcon = 0;	/*GAN24May06 only for selinux */

		if (convertcon) {
			security_context_t con = NULL;
			int err;

			if (!transselinuxarg)
				err = security_canonicalize_context(value, &con);
			else {
				strncat(value, transselinuxarg, sizeof(value) - 1);
				err = security_canonicalize_context_raw(value, &con);
			}

			if (err < 0) {
				warn("%s: EA canonicalize failed\n", value);
				return FAIL;
			}

			size = strlen(con) + 1;
			value[0] = 0;
			strncat(value, con, sizeof(value) - 1);
			freecon(con);
		}
#endif

		if (xattr_cb(name, value, size, convertcon, private) != GOOD)
			return FAIL;
	}

	return GOOD;
}

int
xattr_compare(char *path, char *buffer)
{
	int countf, countt;
	char *names = NULL, *end_names, *name;

	countf = llistxattr(path, NULL, 0);
	if (countf < 0) {
		warn("%s: llistxattr failed", path);
		return FAIL;
	}

	names = malloc(countf + 1);
	if (!names) { 
