alpine 3.7
misc weakness #444

Weakness Breakdown
Definition:

The software specifies permissions for a security-critical resource in a way that allows the resource to be read or modified by unintended actors.

Warning code(s):

It's often easy to fool getlogin. Sometimes it does not work at all, because some program messed up the utmp file. Often, it gives only the first 8 characters of the login name. The user currently logged in on the controlling tty of our program need not be the user who started it. Avoid getlogin.

File Name:

libfetch/src/libfetch-2.33/ftp.c

Context:

The highlighted line of code below (the getlogin() call used to build a fallback anonymous-FTP password) is the trigger point of this particular Alpine 3.7 misc weakness.

	/* XXX FTP_AUTH, and maybe .netrc */

	/* send user name and password */
	if (url->user[0] == '\0')
		fetch_netrc_auth(url);
	user = url->user;
	if (*user == '\0')
		user = getenv("FTP_LOGIN");
	if (user == NULL || *user == '\0')
		user = FTP_ANONYMOUS_USER;
	if (purl && url->port == fetch_default_port(url->scheme))
		e = ftp_cmd(conn, "USER %s@%s\r\n", user, url->host);
	else if (purl)
		e = ftp_cmd(conn, "USER %s@%s@%d\r\n", user, url->host, url->port);
	else
		e = ftp_cmd(conn, "USER %s\r\n", user);

	/* did the server request a password? */
	if (e == FTP_NEED_PASSWORD) {
		pwd = url->pwd;
		if (*pwd == '\0')
			pwd = getenv("FTP_PASSWORD");
		if (pwd == NULL || *pwd == '\0') {
			if ((login_name = getlogin()) == 0)
				login_name = FTP_ANONYMOUS_USER;
			if ((len = snprintf(pbuf, URL_USERLEN + 2, "%s@", login_name)) < 0)
				len = 0;
			else if (len > URL_USERLEN + 1)
				len = URL_USERLEN + 1;
			gethostname(pbuf + len, sizeof(pbuf) - len);
			/* MAXHOSTNAMELEN can differ from URL_HOSTLEN + 1 */
			pbuf[sizeof(pbuf) - 1] = '\0';
			pwd = pbuf;
		}
		e = ftp_cmd(conn, "PASS %s\r\n", pwd);
	}

	return (e);
}

/*
 * Log on to FTP server
 */
static conn_t *
ftp_connect(struct url *url, struct url *purl, const char *flags)
{
	conn_t *conn;
	int e, direct, verbose;
#ifdef INET6 