alpine 3.6
buffer weakness #279

5

Weakness Breakdown


Definition:

Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against the vulnerabilities are common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which it then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on OWASP attack index.

Warning code(s):

Easily used incorrectly.

File Name:

pjproject/src/pjproject-2.5.5/pjsip-apps/src/pjsystest/systest.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 buffer weakness.

     pjsua_config	    ua_cfg;
    pjsua_media_config	    media_cfg;
    pjmedia_aud_dev_index   rec_id;
    pjmedia_aud_dev_index   play_id;
} systest_t;

static systest_t systest;
static char textbuf[600];

/* Device ID to test */
int systest_cap_dev_id = PJMEDIA_AUD_DEFAULT_CAPTURE_DEV;
int systest_play_dev_id = PJMEDIA_AUD_DEFAULT_PLAYBACK_DEV;

static void systest_perror(const char *title, pj_status_t status)
{
    char errmsg[PJ_ERR_MSG_SIZE];
    char themsg[PJ_ERR_MSG_SIZE + 100];

    if (status != PJ_SUCCESS)
	pj_strerror(status, errmsg, sizeof(errmsg));
    else
	errmsg[0] = '\0';

    strcpy(themsg, title);
    strncat(themsg, errmsg, sizeof(themsg)-1);
    themsg[sizeof(themsg)-1] = '\0';

    gui_msgbox("Error", themsg, WITH_OK);
}

test_item_t *systest_alloc_test_item(const char *title)
{
    test_item_t *ti;

    if (test_item_count == SYSTEST_MAX_TEST) {
	gui_msgbox("Error", "You have done too many tests", WITH_OK);
	return NULL;
    }

    ti = &test_items[test_item_count++];
    pj_bzero(ti, sizeof(*ti));
    pj_ansi_strcpy(ti->title, title);

    return ti;
}

/*****************************************************************************
 * test: play simple ringback tone and hear it
 */
static void systest_play_tone(void) 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.