alpine 3.6
buffer weakness #131


Weakness Breakdown


Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against the vulnerabilities are common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which it then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on OWASP attack index.

Warning code(s):

Easily used incorrectly.

File Name:



The highlighted line of code below is the trigger point of this particular Alpine 3.6 buffer weakness.

 			return -1;
		p = p->next;
	return 0;

int load_plugin(const char *plugin_name)
	void *handle;
	char *error;
	char path[PATHSIZE];

	int (*init_plugin) (void);
	char **deps;
	char **plugin_info;
	plugin_t *p;

	if (is_loaded(plugin_name)) {
		printf("Plugin %s already loaded.\n", plugin_name);
		return 0;

	strncpy(path, PLUGINDIR, PATHSIZE);
	strncat(path, "/plugin_", PATHSIZE);
	strncat(path, plugin_name, PATHSIZE);
	strncat(path, ".so", PATHSIZE);

	printf("Opening plugin %s\n", path);

	handle = dlopen(path, RTLD_LAZY | RTLD_GLOBAL);
	if (!handle) {
		error = dlerror();
		printf("Error: Could not open plugin \"%s\": %s\n",
		       plugin_name, error);
	plugin_info = dlsym(handle, "plugin_author");
	if ((error = dlerror()) == NULL)
		printf("Plugin %s author:  %s\n", plugin_name, *plugin_info);
	plugin_info = dlsym(handle, "plugin_license");
	if ((error = dlerror()) == NULL)
		printf("Plugin %s license: %s\n", plugin_name, *plugin_info);
	plugin_info = dlsym(handle, "plugin_description");
	if ((error = dlerror()) == NULL)
		printf("Plugin %s descr.: %s\n", plugin_name, *plugin_info);
	p = malloc(sizeof(plugin_t)); 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.