alpine 3.6
buffer weakness #273

5

Weakness Breakdown


Definition:

Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against the vulnerabilities are common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which it then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on OWASP attack index.

Warning code(s):

Easily used incorrectly.

File Name:

xbindkeys/src/xbindkeys-1.8.6/keys.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 buffer weakness.

     {
      print_key (d, &keys[i]);
    }

  verbose = last_verbose;
}



void
modifier_to_string (unsigned int modifier, char *str)
{
  str[0] = '\0';

  if (modifier & ControlMask)
    {
      if (str[0])
	strncat (str, "+", STR_KEY_LEN);
      strncat (str, modifier_string[0], STR_KEY_LEN);
    }

  if (modifier & ShiftMask)
    {
      if (str[0])
	strncat (str, "+", STR_KEY_LEN);
      strncat (str, modifier_string[1], STR_KEY_LEN);
    }


  if (modifier & Mod1Mask)
    {
      if (str[0])
	strncat (str, "+", STR_KEY_LEN);
      strncat (str, modifier_string[2], STR_KEY_LEN);
    }

  if (modifier & Mod2Mask)
    {
      if (str[0])
	strncat (str, "+", STR_KEY_LEN);
      strncat (str, modifier_string[3], STR_KEY_LEN);
    }

  if (modifier & Mod3Mask)
    {
      if (str[0])
	strncat (str, "+", STR_KEY_LEN);
      strncat (str, modifier_string[4], STR_KEY_LEN);
    }
 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.