alpine 3.6
buffer weakness #126

5

Weakness Breakdown


Definition:

Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against them remain common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which the program then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows in the OWASP attack index.

Warning code(s):

Easily used incorrectly.

File Name:

qemu/src/qemu-2.8.1/roms/openbios/arch/unix/plugins.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 buffer weakness.

 	}
#ifdef CONFIG_DEBUG_PLUGINS
	plugin_info = dlsym(handle, "plugin_author");
	if ((error = dlerror()) == NULL)
		printf("Plugin %s author:  %s\n", plugin_name, *plugin_info);
	plugin_info = dlsym(handle, "plugin_license");
	if ((error = dlerror()) == NULL)
		printf("Plugin %s license: %s\n", plugin_name, *plugin_info);
	plugin_info = dlsym(handle, "plugin_description");
	if ((error = dlerror()) == NULL)
		printf("Plugin %s descr.: %s\n", plugin_name, *plugin_info);
#endif
	p = malloc(sizeof(plugin_t));
	p->next = plugins;
	p->name = plugin_name;
	plugins = p;

	deps = dlsym(handle, "plugin_deps");
	if ((error = dlerror()) != NULL)
		deps = NULL;


	strncpy(path, "plugin_", PATHSIZE);
	strncat(path, plugin_name, PATHSIZE);
	strncat(path, "_init", PATHSIZE);

	init_plugin = dlsym(handle, path);
	if ((error = dlerror()) != NULL) {
		printf("error: %s\n", error);
		exit(1);
	}

	if (deps) {
		int i = 0;
		char *walk = deps[0];
#ifdef CONFIG_DEBUG_PLUGINS
		printf("\nPlugin %s dependencies:", plugin_name);
#endif
		while (walk) {
			printf(" %s", walk);
			if (!is_loaded(walk)) {
#ifdef CONFIG_DEBUG_PLUGINS
				printf("(loading)\n");
#endif
				load_plugin(walk);
			}
#ifdef CONFIG_DEBUG_PLUGINS
			else {
				printf("(loaded)");
			} 
