alpine 3.6
buffer weakness #10

5

Weakness Breakdown


Definition:

Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against these vulnerabilities remain common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which the program then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows in the OWASP attack index.

Warning code(s):

Easily used incorrectly.

File Name:

syslinux/src/syslinux-6.04-pre1/com32/hdt/hdt-menu-pci.c

Context:

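The highlighted line of code below is the trigger point of this particular Alpine 3.6 buffer weakness. The highlighting is not preserved in this text version of the page; the warning text above matches the two strncat calls that build kernel_modules. The size argument of strncat limits how many characters are taken from the source string, not the total size of the destination, so a safe bound has to be computed from the space still free in kernel_modules (its size, minus its current length, minus one for the terminator). The excerpt passes a fixed bound on every loop iteration, and the declaration of kernel_modules is not shown, so whether the destination is large enough for every module count has to be checked against the full source file.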

     if ((pci_device->dev_info->irq > 0) && (pci_device->dev_info->irq < 255)) {
	snprintf(buffer, sizeof buffer, "IRQ     : %d",
		 pci_device->dev_info->irq);
	snprintf(statbuffer, sizeof statbuffer, "IRQ : %d",
		 pci_device->dev_info->irq);
	add_item(buffer, statbuffer, OPT_INACTIVE, NULL, 0);
	menu->items_count++;
    }

    snprintf(buffer, sizeof buffer, "Latency : %d",
	     pci_device->dev_info->latency);
    snprintf(statbuffer, sizeof statbuffer, "Latency : %d",
	     pci_device->dev_info->latency);
    add_item(buffer, statbuffer, OPT_INACTIVE, NULL, 0);
    menu->items_count++;

    memset(kernel_modules, 0, sizeof(kernel_modules));

    if (pci_device->dev_info->linux_kernel_module_count > 1) {
	for (int i = 0;
	     i < pci_device->dev_info->linux_kernel_module_count; i++) {
	    if (i > 0) {
		strncat(kernel_modules, " | ", 3);
	    }
	    strncat(kernel_modules,
		    pci_device->dev_info->linux_kernel_module[i],
		    LINUX_KERNEL_MODULE_SIZE - 1);
	}
	snprintf(buffer, sizeof buffer, "Modules : %s", kernel_modules);
	snprintf(statbuffer, sizeof statbuffer, "Kernel Modules: %s",
		 kernel_modules);
    } else {
	snprintf(buffer, sizeof buffer, "Module  : %s",
		 pci_device->dev_info->linux_kernel_module[0]);
	snprintf(statbuffer, sizeof statbuffer, "Kernel Module: %s",
		 pci_device->dev_info->linux_kernel_module[0]);
    }
    add_item(buffer, statbuffer, OPT_INACTIVE, NULL, 0);
    menu->items_count++;

    if (hardware->is_pxe_valid == true) {
	if ((hardware->pxe.pci_device != NULL)
	    && (hardware->pxe.pci_device == pci_device)) {

	    snprintf(buffer, sizeof buffer, "MAC Addr: %s",
		     hardware->pxe.mac_addr);
	    snprintf(statbuffer, sizeof statbuffer, "MAC Address : %s",
		     hardware->pxe.mac_addr);
	    add_item(buffer, statbuffer, OPT_INACTIVE, NULL, 0);
	    menu->items_count++; 
