alpine 3.6
format weakness #1

4

Weakness Breakdown


Definition:

A format string exploit occurs when the data of an input string is evaluated as a command by the program. This class of attacks is very similar to buffer overflows, since an attacker could execute code, read the stack, or cause new behaviors that compromise security. Learn more about format string attacks on the OWASP attack index.

Warning code(s):

If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always 0-terminate.

File Name:

apache-mod-auth-kerb/src/mod_auth_kerb-5.4/src/mod_auth_kerb.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 format weakness.

#include <http_core.h>
#include <http_log.h>
#include <http_protocol.h>
#include <http_request.h>

#ifdef STANDARD20_MODULE_STUFF
#include <apr_strings.h>
#include <apr_base64.h>
#else
#define apr_pstrdup		ap_pstrdup
#define apr_psprintf		ap_psprintf
#define apr_pstrcat		ap_pstrcat
#define apr_pcalloc		ap_pcalloc
#define apr_table_setn		ap_table_setn
#define apr_table_add		ap_table_add
#define apr_base64_decode_len	ap_base64decode_len
#define apr_base64_decode	ap_base64decode
#define apr_base64_encode_len	ap_base64encode_len
#define apr_base64_encode	ap_base64encode
#define apr_pool_cleanup_null	ap_null_cleanup
#define apr_pool_cleanup_register	ap_register_cleanup
#endif /* STANDARD20_MODULE_STUFF */

#ifdef _WIN32
#define vsnprintf _vsnprintf
#define snprintf _snprintf
#endif

#ifdef KRB5
#include <krb5.h>
#ifdef HEIMDAL
#  include <gssapi.h>
#else
#  include <gssapi/gssapi.h>
#  include <gssapi/gssapi_generic.h>
#  include <gssapi/gssapi_krb5.h>
#  define GSS_C_NT_USER_NAME gss_nt_user_name
#  define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name
#  define GSS_KRB5_NT_PRINCIPAL_NAME gss_nt_krb5_name
#  define krb5_get_err_text(context,code) error_message(code)
#endif
#ifndef GSSAPI_SUPPORTS_SPNEGO
#  include "spnegokrb5.h"
#endif
#endif /* KRB5 */

#ifdef KRB4
/* Prevent warning about closesocket redefinition (Apache's ap_config.h and 
 * MIT Kerberos' port-sockets.h both define it as close) */
#ifdef closesocket 
