alpine 3.6
buffer weakness #152

5

Weakness Breakdown


Definition:

Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against the vulnerabilities are common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which it then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on OWASP attack index.

Warning code(s):

Easily used incorrectly.

File Name:

linux-pam/src/Linux-PAM-1.2.1/modules/pam_issue/pam_issue.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 buffer weakness.

 	    if ((c = getc(fp)) == EOF)
		break;
	    switch (c) {
	      case 's':
		strncat(buf, uts.sysname, sizeof(buf) - 1);
		break;
	      case 'n':
		strncat(buf, uts.nodename, sizeof(buf) - 1);
		break;
	      case 'r':
		strncat(buf, uts.release, sizeof(buf) - 1);
		break;
	      case 'v':
		strncat(buf, uts.version, sizeof(buf) - 1);
		break;
	      case 'm':
		strncat(buf, uts.machine, sizeof(buf) - 1);
		break;
	      case 'o':
		{
		    char domainname[256];

		    if (getdomainname(domainname, sizeof(domainname)) >= 0) {
			domainname[sizeof(domainname)-1] = '\0';
			strncat(buf, domainname, sizeof(buf) - 1);
		    }
		}
		break;
	      case 'd':
	      case 't':
		{
		    const char *weekday[] = {
			"Sun", "Mon", "Tue", "Wed", "Thu",
			"Fri", "Sat" };
		    const char *month[] = {
			"Jan", "Feb", "Mar", "Apr", "May",
			"Jun", "Jul", "Aug", "Sep", "Oct",
			"Nov", "Dec" };
		    time_t now;
		    struct tm *tm;

		    (void) time (&now);
		    tm = localtime(&now);

		    if (c == 'd')
			snprintf (buf, sizeof buf, "%s %s %d  %d",
				weekday[tm->tm_wday], month[tm->tm_mon],
				tm->tm_mday, tm->tm_year + 1900);
		    else
			snprintf (buf, sizeof buf, "%02d:%02d:%02d", 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.