alpine 3.6
buffer weakness #14

5

Weakness Breakdown


Definition:

Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against them remain common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which the program then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on the OWASP attack index.

Warning code(s):

Easily used incorrectly.

File Name:

syslinux/src/syslinux-6.04-pre1/com32/modules/pcitest.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 buffer weakness.

     }						\
    printf ( __VA_ARGS__);			\
  } while (0);

void display_pci_devices(struct pci_domain *pci_domain)
{
    struct pci_device *pci_device;
    char kernel_modules[LINUX_KERNEL_MODULE_SIZE *
			MAX_KERNEL_MODULES_PER_PCI_DEVICE];

    for_each_pci_func(pci_device, pci_domain) {

	memset(kernel_modules, 0, sizeof kernel_modules);

/*	printf("PCI: found %d kernel modules for  %04x:%04x[%04x:%04x]\n",
		  pci_device->dev_info->linux_kernel_module_count,
		  pci_device->vendor, pci_device->product,
		  pci_device->sub_vendor, pci_device->sub_product);
*/
	for (int i = 0; i < pci_device->dev_info->linux_kernel_module_count;
	     i++) {
	    if (i > 0) {
		strncat(kernel_modules, " | ", 3);
	    }
	    strncat(kernel_modules,
		    pci_device->dev_info->linux_kernel_module[i],
		    LINUX_KERNEL_MODULE_SIZE - 1);
	}

	moreprintf("%04x:%04x[%04x:%04x]: %s\n",
		   pci_device->vendor, pci_device->product,
		   pci_device->sub_vendor, pci_device->sub_product,
		   pci_device->dev_info->class_name);

	moreprintf(" Vendor Name      : %s\n",
		   pci_device->dev_info->vendor_name);
	moreprintf(" Product Name     : %s\n",
		   pci_device->dev_info->product_name);
	moreprintf(" PCI bus position : %02x:%02x.%01x\n", __pci_bus,
		   __pci_slot, __pci_func);
	moreprintf(" Kernel modules   : %s\n\n", kernel_modules);
    }
}

int main(int argc, char *argv[])
{
    struct pci_domain *pci_domain;
    int return_code = 0;
    int nb_pci_devices = 0;
 
