RHEL 7
format weakness #32

4

Weakness Breakdown


Definition:

A format string exploit occurs when the data of an input string is evaluated as a command by the program. This class of attacks is very similar to buffer overflows, since an attacker could execute code, read the stack, or cause new behaviors that compromise security. Learn more about format string attacks on the OWASP attack index.

Warning code(s):

If syslog's format strings can be influenced by an attacker, they can be exploited.

File Name:

libcxgb3-1.3.1/src/iwch.h

Context:

The highlighted line of code below is the trigger point of this particular Red Hat Enterprise Linux 7 format weakness.

 			 struct ibv_qp_attr *attr,
			 int attr_mask,
			 struct ibv_qp_init_attr *init_attr);
extern void iwch_flush_qp(struct iwch_qp *qhp);
extern void iwch_flush_qps(struct iwch_device *dev);
extern int t3a_post_send(struct ibv_qp *ibqp, struct ibv_send_wr *wr,
			  struct ibv_send_wr **bad_wr);
extern int t3b_post_send(struct ibv_qp *ibqp, struct ibv_send_wr *wr,
			  struct ibv_send_wr **bad_wr);
extern int t3a_post_recv(struct ibv_qp *ibqp, struct ibv_recv_wr *wr,
			  struct ibv_recv_wr **bad_wr);
extern int t3b_post_recv(struct ibv_qp *ibqp, struct ibv_recv_wr *wr,
			  struct ibv_recv_wr **bad_wr);
extern struct ibv_ah *iwch_create_ah(struct ibv_pd *pd,
			     struct ibv_ah_attr *ah_attr);
extern int iwch_destroy_ah(struct ibv_ah *ah);
extern int iwch_attach_mcast(struct ibv_qp *qp, const union ibv_gid *gid,
			     uint16_t lid);
extern int iwch_detach_mcast(struct ibv_qp *qp, const union ibv_gid *gid,
			     uint16_t lid);
extern void t3b_async_event(struct ibv_async_event *event);
#ifdef DEBUG
#include <syslog.h>
#define DBGLOG(s) openlog(s, LOG_NDELAY|LOG_PID, LOG_LOCAL7)
#define PDBG(fmt, args...) do {syslog(LOG_DEBUG, fmt, ##args);} while (0)
#else
#define DBGLOG(s) 
#define PDBG(fmt, args...) do {} while (0)
#endif

#define FW_MAJ 5
#define FW_MIN 0

#endif				/* IWCH_H */ 
