alpine 3.6
buffer weakness #127

5

Weakness Breakdown


Definition:

Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against the vulnerabilities are common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which it then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on OWASP attack index.

Warning code(s):

Easily used incorrectly.

File Name:

qemu/src/qemu-2.8.1/roms/openbios/arch/unix/plugins/loader.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 buffer weakness.

 		p = p->next;
	}
	return 0;
}

int load_plugin(const char *plugin_name)
{
	void *handle;
	char *error;
	char path[PATHSIZE];

	int (*init_plugin) (void);
	char **deps;
	char **plugin_info;
	plugin_t *p;

	if (is_loaded(plugin_name)) {
		printf("Plugin %s already loaded.\n", plugin_name);
		return 0;
	}

	strncpy(path, PLUGINDIR, PATHSIZE);
	strncat(path, "/plugin_", PATHSIZE);
	strncat(path, plugin_name, PATHSIZE);
	strncat(path, ".so", PATHSIZE);

#if DEBUG
	printf("Opening plugin %s\n", path);
#endif

	handle = dlopen(path, RTLD_LAZY | RTLD_GLOBAL);
	if (!handle) {
		error = dlerror();
		printf("Error: Could not open plugin \"%s\": %s\n",
		       plugin_name, error);
		exit(1);
	}
#ifdef DEBUG_PLUGINS
	plugin_info = dlsym(handle, "plugin_author");
	if ((error = dlerror()) == NULL)
		printf("Plugin %s author:  %s\n", plugin_name, *plugin_info);
	plugin_info = dlsym(handle, "plugin_license");
	if ((error = dlerror()) == NULL)
		printf("Plugin %s license: %s\n", plugin_name, *plugin_info);
	plugin_info = dlsym(handle, "plugin_description");
	if ((error = dlerror()) == NULL)
		printf("Plugin %s descr.: %s\n", plugin_name, *plugin_info);
#endif
	p = malloc(sizeof(plugin_t));
	p->next = plugins; 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.