Fedora 24
Buffer weakness #32

5

Weakness Breakdown


Definition:

Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against them remain common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which the program then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on the OWASP attack index.

Warning code(s):

Easily used incorrectly.

File Name:

allegro-4.4.2/addons/jpgalleg/misc/runner.c

Context:

The highlighted line of code below is the trigger point of this particular Fedora 24 buffer weakness.

 	       if (argv[i][j] == '/')
		  fputc('\\', f);
	       else
		  fputc(argv[i][j], f);
	    }
	    fputc('\n', f);
	 }
	 else
	    fprintf(f, "%s\n", argv[i]);
      }
      else {
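	 /* strncat's third argument caps the bytes appended, not the total
	  * size of buf; a safe bound also subtracts strlen(buf). */
	 if (buf[0])
	    strncat(buf, " ", sizeof(buf)-1);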

	 if (flip_slashes) {
	    j = strlen(buf);
	    strncat(buf, argv[i], sizeof(buf)-1);
	    while (buf[j]) {
	       if (buf[j] == '/')
		  buf[j] = '\\';
	       j++;
	    }
	 }
	 else
	    strncat(buf, argv[i], sizeof(buf)-1);
      }
   }

   if (f) {
      fclose(f);
      strncat(buf, " @_tmpfile.arg", sizeof(buf)-1);
   }

   p = strchr(buf, ' ');
   if (p) {
      if (strlen(p) >= 126) {
	 fprintf(stderr, "Runner oops: command line is longer than 126 characters!\n");
	 remove("_tmpfile.arg");
	 return 1; 
      }
   }

   ret = system(buf);

   remove("_tmpfile.arg");

   return ret;
}
 
