alpine 3.6
buffer weakness #253

5

Weakness Breakdown


Definition:

Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against these vulnerabilities are common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which then stores it in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on the OWASP attack index.

Warning code(s):

Easily used incorrectly.

File Name:

nfdump/src/nfdump-1.6.15/bin/flist.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 buffer weakness.

 
	return NULL;

} // End of GuessSubDir

char *GetSubDir(struct  tm *now ) {
static char subpath[255];
size_t sublen;

	sublen = strftime(subpath, 254, subdir_format, now);

	return sublen == 0 ? NULL : subpath;

} // End of GetSubDir

int SetupSubDir(char *dir, char *subdir, char *error, size_t errlen ) {
char *p, path[MAXPATHLEN];
struct stat stat_buf;
size_t	sublen, pathlen;
int err;

	error[0] = '\0';

	path[0] = '\0';
	strncat(path, dir, MAXPATHLEN-1);
	path[MAXPATHLEN-1] = '\0';

	sublen  = strlen(subdir);
	pathlen = strlen(path);
	// set p as reference between path and subdir
	if ( (sublen + pathlen + 2) >= (MAXPATHLEN-1) ) {	// +2 : add 1 for '/'
		snprintf(error, errlen, "Path '%s': too long", path);
		return 0;
	}

	p = path + pathlen;	// points to '\0' of path
	*p++ = '/';
	*p   = '\0';

	strncat(path, subdir, MAXPATHLEN-pathlen-2);	// +2: add 1 for '/'

	// our cwd is basedir ( -l ) so test if, dir exists
	if ( stat(path, &stat_buf) == 0 ) {
		if ( S_ISDIR(stat_buf.st_mode) ) {
			// sub directory already exists
			return 1;
		} else {
			// an entry with this name exists, but it's not a directory
			snprintf(error, errlen, "Path '%s': %s ", path, strerror(ENOTDIR));
			return 0; 
