alpine 3.6
buffer weakness #47

5

Weakness Breakdown


Definition:

Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against them remain common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which the program then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows in the OWASP attack index.

Warning code(s):

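Easily used incorrectly. (In the listing below, the calls this kind of warning typically applies to are the strncat calls: the size argument of strncat limits how many characters are appended, not the total size of the destination, and a terminating NUL is always written in addition to them.)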

File Name:

conky/src/conky-1.10.4/src/users.cc

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 buffer weakness.

 		}
	}
}
/*
 * Count the utmp records whose type is USER_PROCESS and store the
 * total in *ptr.
 */
static void user_num(int *ptr)
{
	const struct utmp *entry;
	int count = 0;

	/* Rewind the utmp database so the scan starts at the first record. */
	setutent();
	for (entry = getutent(); entry != NULL; entry = getutent()) {
		count += (entry->ut_type == USER_PROCESS) ? 1 : 0;
	}
	*ptr = count;
}
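/*
 * Append the terminal line (ut_line) of every USER_PROCESS utmp record
 * to the string in ptr.
 *
 * ptr must already hold a NUL-terminated string. The size check treats
 * the destination as BUFLEN bytes.
 * NOTE(review): the buffer is allocated by the caller, which is not
 * visible here -- confirm it really is at least BUFLEN bytes.
 *
 * Lines are appended back to back with no separator; a line that would
 * not fit completely is skipped.
 */
static void user_term(char *ptr)
{
	const struct utmp *usr;

	setutent();
	while ((usr = getutent()) != NULL) {
		size_t used, line_len;

		if (usr->ut_type != USER_PROCESS) {
			continue;
		}
		/*
		 * ut_line is a fixed-size field that need not be NUL-terminated
		 * when it is completely filled, so measure it with a bound
		 * instead of strlen(), which could read past the field.
		 */
		line_len = strnlen(usr->ut_line, sizeof(usr->ut_line));
		used = strlen(ptr);
		/* +1 is the terminating NUL that strncat always writes. */
		if (used + line_len + 1 <= BUFLEN) {
			/* Append exactly the length that was checked above. */
			strncat(ptr, usr->ut_line, line_len);
		}
	}
}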
/*
 * For every USER_PROCESS utmp record, format the time elapsed since its
 * login timestamp with format_seconds() and append the result to ptr.
 *
 * ptr must already hold a NUL-terminated string. The size check treats
 * the destination as BUFLEN bytes (NOTE(review): the caller's allocation
 * is not visible here -- confirm). Entries are appended with no
 * separator, and an entry that would not fit completely is skipped.
 */
static void user_time(char *ptr)
{
	const struct utmp *entry;
	char elapsed[BUFLEN] = "";

	setutent();
	for (entry = getutent(); entry != NULL; entry = getutent()) {
		time_t login_at, now, age;

		if (entry->ut_type != USER_PROCESS) {
			continue;
		}
		login_at = entry->ut_time;
		time(&now);
		/* difftime() returns a double; it is stored in a time_t here. */
		age = difftime(now, login_at);
		format_seconds(elapsed, BUFLEN, age);
		/* +1 is the terminating NUL that strncat always writes. */
		if (strlen(ptr) + strlen(elapsed) + 1 > BUFLEN) {
			continue;
		}
		/* The bound is the space left in ptr, minus one for the NUL. */
		strncat(ptr, elapsed, BUFLEN - strlen(ptr) - 1);
	}
}
static void tty_user_time(char *ptr, char *tty)
{ 
