alpine 3.6
buffer weakness #153

5

Weakness Breakdown


Definition:

Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what a buffer overflow is, attacks that exploit them remain common in both legacy and newer applications. A classic stack buffer overflow begins with the attacker sending more data than the program's fixed-size stack buffer can hold; the program copies it in without checking the length and overwrites adjacent memory, including the saved return address. Besides stack buffer overflows, other kinds include heap overflows, off-by-one errors and many others. Learn more about buffer overflows in the OWASP attack index.

Warning code(s):

Easily used incorrectly. The third argument of strncat() is the maximum number of bytes to append, not the size of the destination buffer. Passing sizeof(buf) - 1 is therefore only correct when buf is empty; the general bound is sizeof(buf) - strlen(buf) - 1, and getting this wrong overflows the destination once it already holds data.

File Name:

linux-pam/src/Linux-PAM-1.2.1/modules/pam_issue/pam_issue.c

Context:

The flagged lines of code below are the trigger points of this particular Alpine 3.6 buffer weakness: the strncat(buf, ..., sizeof(buf) - 1) calls inside the escape-handling switch. In this excerpt buf[0] is set to '\0' immediately before each append, so the bound equals the free space in the 1024-byte buf, and each source is itself bounded (the struct utsname fields are 65 bytes each on Linux, NUL included, and domainname is explicitly terminated inside its 256-byte array). The warning therefore flags the error-prone idiom rather than a demonstrated overflow; it would become real if a second append were ever made into the same buf with the same bound.

    struct utsname uts;

    *prompt = NULL;

    if ((issue = malloc(size)) == NULL) {
        pam_syslog(pamh, LOG_ERR, "out of memory");
        return PAM_BUF_ERR;
    }

    issue[0] = '\0';
    (void) uname(&uts);

    while ((c = getc(fp)) != EOF) {
        char buf[1024];

        buf[0] = '\0';
        if (c == '\\') {
            if ((c = getc(fp)) == EOF)
                break;
            switch (c) {
              case 's':
                strncat(buf, uts.sysname, sizeof(buf) - 1);
                break;
              case 'n':
                strncat(buf, uts.nodename, sizeof(buf) - 1);
                break;
              case 'r':
                strncat(buf, uts.release, sizeof(buf) - 1);
                break;
              case 'v':
                strncat(buf, uts.version, sizeof(buf) - 1);
                break;
              case 'm':
                strncat(buf, uts.machine, sizeof(buf) - 1);
                break;
              case 'o':
                {
                    char domainname[256];

                    if (getdomainname(domainname, sizeof(domainname)) >= 0) {
                        domainname[sizeof(domainname)-1] = '\0';
                        strncat(buf, domainname, sizeof(buf) - 1);
                    }
                }
                break;
              case 'd':
              case 't':
                {
                    const char *weekday[] = {
                        "Sun", "Mon", "Tue", "Wed", "Thu",
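Added example (written for this page, not code from Linux-PAM): a self-contained version of the escape-expansion loop excerpted above that uses the general strncat bound, sizeof(buf) - strlen(buf) - 1, so it stays correct when several expansions are appended into one buffer, and that reports how many characters were truncated rather than silently dropping them. The function and helper names, the caller-supplied struct utsname (so the behaviour is deterministic), and the literal copying of unknown escapes are choices made here, not PAM's behaviour.

```c
#include <stdio.h>
#include <string.h>
#include <sys/utsname.h>

/*
 * Example code for this page, not Linux-PAM's pam_issue.c.
 *
 * strncat's third argument is "at most this many bytes appended", so the
 * safe bound for a destination of dst_size bytes is the free space minus
 * one byte for the terminating NUL. The page's excerpt gets away with
 * sizeof(buf) - 1 only because buf is emptied before every append.
 */
size_t remaining_bound(const char *dst, size_t dst_size)
{
    size_t used = strlen(dst);
    return used + 1 < dst_size ? dst_size - used - 1 : 0;
}

/*
 * Expand \s \n \r \v \m (the same escapes pam_issue handles via uname())
 * from a caller-supplied utsname into out[out_size]. Any other escaped
 * character, and every plain character, is copied literally (an assumption
 * of this example). Returns the number of source characters that did not
 * fit; 0 means the whole expansion fit without truncation.
 */
size_t expand_issue_escapes(const char *fmt, const struct utsname *uts,
                            char *out, size_t out_size)
{
    size_t dropped = 0;

    out[0] = '\0';
    for (const char *p = fmt; *p != '\0'; p++) {
        const char *piece;
        char one[2] = { *p, '\0' };          /* single literal character */

        if (*p == '\\' && p[1] != '\0') {
            p++;                             /* consume the escape letter */
            switch (*p) {
            case 's': piece = uts->sysname;  break;
            case 'n': piece = uts->nodename; break;
            case 'r': piece = uts->release;  break;
            case 'v': piece = uts->version;  break;
            case 'm': piece = uts->machine;  break;
            default:  one[0] = *p; piece = one; break;   /* \\ -> \, \x -> x */
            }
        } else {
            piece = one;
        }

        size_t room = remaining_bound(out, out_size);
        size_t len = strlen(piece);
        /* Bound is the space left in out, so this never writes past out_size. */
        strncat(out, piece, room);
        if (len > room)
            dropped += len - room;
    }
    return dropped;
}

int main(void)
{
    struct utsname uts;
    char line[256];

    if (uname(&uts) != 0) {
        perror("uname");
        return 1;
    }
    size_t dropped = expand_issue_escapes("\\s \\r on \\n (\\m)", &uts,
                                          line, sizeof line);
    printf("%s\n", line);
    if (dropped)
        printf("(%zu characters truncated)\n", dropped);
    return 0;
}
```

The stand-alone program prints the running kernel's name, release, host name and machine type; the expansion function itself is what a caller should reuse, checking its return value whenever truncation matters (for example, when a banner is parsed further downstream).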

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.