Mitigate Baron SameEdit (CVE-2021-3156) vulnerability

fedora 25
buffer weakness #17

5

Weakness Breakdown


Definition:

Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against the vulnerabilities are common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which it then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on OWASP attack index.

Warning code(s):

Does not check for buffer overflows.

File Name:

collectd-5.8.0/src/memcached.c

Context:

The highlighted line of code below is the trigger point of this particular Fedora 25 buffer weakness.

       submit_derive("memcached_ops", "delete_misses", atoll(fields[2]), st);
    }

    /*
     * Network traffic
     */
    else if (FIELD_IS("bytes_read")) {
      octets_rx = atoll(fields[2]);
    } else if (FIELD_IS("bytes_written")) {
      octets_tx = atoll(fields[2]);
    }
  } /* while ((line = strtok_r (ptr, "\n\r", &saveptr)) != NULL) */

  if ((bytes_total > 0) && (bytes_used <= bytes_total))
    submit_gauge2("df", "cache", bytes_used, bytes_total - bytes_used, st);

  if ((rusage_user != 0) || (rusage_syst != 0))
    submit_derive2("ps_cputime", NULL, rusage_user, rusage_syst, st);

  if ((octets_rx != 0) || (octets_tx != 0))
    submit_derive2("memcached_octets", NULL, octets_rx, octets_tx, st);

  if ((cmd_get != 0) && (get_hits != 0)) {
    gauge_t ratio =
        calculate_ratio_percent(get_hits, cmd_get, &prev->hits, &prev->gets);
    submit_gauge("percent", "hitratio", ratio, st);
  }

  if ((incr_hits != 0) && (incr_misses != 0)) {
    gauge_t ratio = calculate_ratio_percent2(
        incr_hits, incr_misses, &prev->incr_hits, &prev->incr_misses);
    submit_gauge("percent", "incr_hitratio", ratio, st);
    submit_derive("memcached_ops", "incr", incr_hits + incr_misses, st);
  }

  if ((decr_hits != 0) && (decr_misses != 0)) {
    gauge_t ratio = calculate_ratio_percent2(
        decr_hits, decr_misses, &prev->decr_hits, &prev->decr_misses);
    submit_gauge("percent", "decr_hitratio", ratio, st);
    submit_derive("memcached_ops", "decr", decr_hits + decr_misses, st);
  }

  return 0;
} /* int memcached_read */

static int memcached_set_defaults(memcached_t *st) {
  /* If no <Address> used then:
   * - Connect to the destination specified by <Host>, if present.
   *   If not, use the default address.
   * - Use the default hostname (set st->host to NULL), if 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.