I have the following code:

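```cpp
#include <getopt.h>

#include <cstdlib>
#include <cstring>
#include <iostream>
#include <string>

// printVersion(), HASHED_MOB_SIZE and ERR_GETOPT_FAILURE are defined elsewhere in the project.
void parseOptions(int argc, char* argv[]) {
  std::string mob;
  int option, index;

  // Long options table; the all-zero entry terminates it.
  struct option long_options[] = {{"version", no_argument, 0, 'V'},
                                  {"mobile-interface", required_argument, 0, 'm'},
                                  {0, 0, 0, 0}};

  while ((option = getopt_long(argc, argv, "Vm:", long_options, &index)) != -1) {
    switch (option) {
      case 'V':
        printVersion();
        break;
      case 'm':
        // Accept the value only if it has the expected length.
        if (strlen(optarg) == HASHED_MOB_SIZE) {
          mob = optarg;
        }
        break;
      default:
        std::cerr << "Getopt switch default case shouldn't be reached... aborting program.\n";
        exit(ERR_GETOPT_FAILURE);
    }
  }
}
```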

I run Flawfinder and I get the following error:

main.cpp:48: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.

How do I limit the string input size?

lior.i
  • one option would be to use a modern c++ argument parser like `boost::program_options` – Alan Birtles Oct 11 '20 at 14:35
  • Thanks @AlanBirtles , but unfortunately I can't use boost lib in this project. – lior.i Oct 11 '20 at 14:47
  • It isn't clear what buffer overflow they are talking about. `getopt_long` doesn't seem to need any writable buffers. Implementations that I can find don't appear to use any. – n. m. could be an AI Oct 11 '20 at 15:23
  • Thanks @n.'pronouns'm. , I don't understand it, I think I will ignore this error for now. – lior.i Oct 13 '20 at 10:04
  • the solution that worked for now is to suppress the warning by adding `/* Flawfinder: ignore */` at the end of the line – lior.i Nov 29 '20 at 15:20

1 Answer

So Flawfinder was right.

There is a vulnerability in getopt: CVE-1999-0966.

Buffer overflow in Solaris getopt in libc allows local users to gain root privileges via a long argv[0].

My solution was to verify that argc is greater than 1 and that argv[0] is not too long.

lior.i
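The check described in the answer (argc greater than 1, argv[0] not too long), extended to cap every argument as the Flawfinder message suggests, written here as an added example that is not part of the original post. `checkArgv`, `fitsWithin`, `MAX_ARGV0_LEN` and `MAX_ARG_LEN` are hypothetical names, and the limits are assumed values.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>

// Assumed limits for this sketch; choose values that fit the program.
constexpr std::size_t MAX_ARGV0_LEN = 4096;  // program name / path
constexpr std::size_t MAX_ARG_LEN = 256;     // any single option or value

enum class ArgvCheck { Ok, NoArguments, NullEntry, Argv0TooLong, ArgTooLong };

// True if s is at most `limit` characters long. memchr looks at no more than
// limit + 1 bytes, so an oversized string is never walked to its end.
static bool fitsWithin(const char* s, std::size_t limit) {
  return std::memchr(s, '\0', limit + 1) != nullptr;
}

// Validate argc/argv before they are handed to getopt_long().
ArgvCheck checkArgv(int argc, char* const argv[]) {
  // argc can be 0 when the caller execs the program with an empty argv.
  if (argv == nullptr || argc <= 1) return ArgvCheck::NoArguments;
  if (argv[0] == nullptr) return ArgvCheck::NullEntry;
  if (!fitsWithin(argv[0], MAX_ARGV0_LEN)) return ArgvCheck::Argv0TooLong;
  for (int i = 1; i < argc; ++i) {
    if (argv[i] == nullptr) return ArgvCheck::NullEntry;
    if (!fitsWithin(argv[i], MAX_ARG_LEN)) return ArgvCheck::ArgTooLong;
  }
  return ArgvCheck::Ok;
}

int main(int argc, char* argv[]) {
  if (checkArgv(argc, argv) != ArgvCheck::Ok) {
    std::fputs("rejecting command line: missing or oversized argument\n", stderr);
    return 2;
  }
  // From here on argv can be passed to parseOptions() / getopt_long().
  return 0;
}
```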