Fedora 24
Format weakness #64

4

Weakness Breakdown


Definition:

A format string exploit occurs when the data of an input string is evaluated as a command by the program. This class of attack is very similar to a buffer overflow, since an attacker could execute code, read the stack, or cause new behaviors that compromise security. Learn more about format string attacks on the OWASP attack index.

Warning code(s):

If format strings can be influenced by an attacker, they can be exploited.

File Name:

ahcpd-0.53/ahcpd.h

Context:

The highlighted line of code below is the trigger point of this particular Fedora 24 format weakness.

struct network {
    char *ifname;
    int ifindex;
};

#define MAXNETWORKS 20
extern struct network networks[MAXNETWORKS];

extern struct in6_addr protocol_group;
extern unsigned int protocol_port;
extern int protocol_socket;

extern const unsigned char zeroes[16], ones[16];

void timeval_min(struct timeval *d, const struct timeval *s);
void timeval_min_sec(struct timeval *d, int secs);
void timeval_minus(struct timeval *d,
                   const struct timeval *s1, const struct timeval *s2);
int timeval_minus_msec(const struct timeval *s1, const struct timeval *s2);
void timeval_plus_msec(struct timeval *d,
                       const struct timeval *s, int msecs);
int timeval_compare(const struct timeval *s1, const struct timeval *s2);
int clock_stepped();
void do_debugf(int level, const char *format, ...)
    ATTRIBUTE ((format (printf, 2, 3))) COLD;

#if defined NO_DEBUG

#if defined __STDC_VERSION__ && __STDC_VERSION__ >= 199901L
#define debugf(_level, ...) do {} while(0)
#elif defined __GNUC__
#define debugf(_level, _args...) do {} while(0)
#else
static inline void debugf(int _level, const char *format, ...) { return; }
#endif

#else

#if defined __STDC_VERSION__ && __STDC_VERSION__ >= 199901L
#define debugf(_level, ...)                      \
    do { \
        if(UNLIKELY(debug >= _level)) do_debugf(_level, __VA_ARGS__);     \
    } while(0)
#elif defined __GNUC__
#define debugf(_level, _args...)                 \
    do { \
        if(UNLIKELY(debug >= _level)) do_debugf(_level, _args);   \
    } while(0)
#else
static inline void debugf(int _level, const char *format, ...) { return; }
