Flawfinder error: internal buffer overflows. How to limit string input size and protect it from overflow?


I have the following code:

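    #include <getopt.h>

    #include <cstdlib>
    #include <cstring>
    #include <iostream>
    #include <string>

    // HASHED_MOB_SIZE, ERR_GETOPT_FAILURE and printVersion() are not shown in this snippet.
    void parseOptions(int argc, char* argv[]) {
      std::string mob;
      int option, index;

      // Long-option table; the all-zero entry terminates it.
      struct option long_options[] = {{"version", no_argument, 0, 'V'},
                                      {"mobile-interface", required_argument, 0, 'm'},
                                      {0, 0, 0, 0}};

      while ((option = getopt_long(argc, argv, "Vm:", long_options, &index)) != -1) {
        switch (option) {
          case 'V':
            printVersion();
            break;
          case 'm':
            // Accept the value only if it has exactly the expected length.
            if (strlen(optarg) == HASHED_MOB_SIZE) {
              mob = optarg;
            }
            break;
          default:
            std::cerr << "Getopt switch default case shouldn't be reached... aborting program.\n";
            exit(ERR_GETOPT_FAILURE);
        }
      }
    }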

I run Flawfinder and I get the following error:

main.cpp:48: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.

How do I limit the string input size?

lior.i On

So Flawfinder was right.

There is a vulnerability in getopt: CVE-1999-0966.

Buffer overflow in Solaris getopt in libc allows local users to gain root privileges via a long argv[0].

My solution was to verify that argc is greater than 1 and that argv[0] is not too long.
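One way to write the check described in the answer, as an added example that is not code from the original post. It goes beyond the answer by bounding every argv entry, not only argv[0], which is what Flawfinder's "limit the size of all string inputs" asks for. The names `checkArgs`, `fitsWithin`, `ArgCheck` and both limits are hypothetical.

```cpp
#include <cstddef>
#include <cstdlib>
#include <iostream>

// Hypothetical limits (assumptions, not from the post): size them to the
// longest legitimate value the program accepts.
constexpr std::size_t MAX_PROG_NAME_LEN = 4096;  // bound for argv[0]
constexpr std::size_t MAX_ARG_LEN = 256;         // bound for every other argument

enum class ArgCheck { Ok, NoArguments, ProgNameTooLong, ArgTooLong };

// True if s is NUL-terminated within max_len characters. The scan stops at
// the bound, so an oversized string is never walked to its end.
static bool fitsWithin(const char* s, std::size_t max_len) {
  if (s == nullptr) return false;
  for (std::size_t i = 0; i <= max_len; ++i) {
    if (s[i] == '\0') return true;
  }
  return false;
}

// Call before getopt_long() so no over-long string reaches the libc parser.
ArgCheck checkArgs(int argc, char* const argv[]) {
  if (argc <= 1 || argv == nullptr) return ArgCheck::NoArguments;
  if (!fitsWithin(argv[0], MAX_PROG_NAME_LEN)) return ArgCheck::ProgNameTooLong;
  for (int i = 1; i < argc; ++i) {
    if (!fitsWithin(argv[i], MAX_ARG_LEN)) return ArgCheck::ArgTooLong;
  }
  return ArgCheck::Ok;
}

int main(int argc, char* argv[]) {
  switch (checkArgs(argc, argv)) {
    case ArgCheck::Ok:
      break;
    case ArgCheck::NoArguments:
      std::cerr << "no arguments given\n";
      return EXIT_FAILURE;
    case ArgCheck::ProgNameTooLong:
      std::cerr << "argv[0] exceeds " << MAX_PROG_NAME_LEN << " characters\n";
      return EXIT_FAILURE;
    case ArgCheck::ArgTooLong:
      std::cerr << "an argument exceeds " << MAX_ARG_LEN << " characters\n";
      return EXIT_FAILURE;
  }
  // The question's parseOptions(argc, argv) would be called here.
  std::cout << "arguments within limits\n";
  return EXIT_SUCCESS;
}
```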