alpine 3.9
obsolete weakness #550

1

Weakness Breakdown


Definition:

An obsolete weakness occurs when someone uses deprecated or obsolete functions when building a system. As a programming language evolves, some functions occasionally become obsolete.

Warning code(s):

This C routine is considered obsolete.

File Name:

anytun/src/anytun-0.3.7/src/anyrtpproxy/anyrtpproxy.cpp

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.9 obsolete weakness.

 
        std::pair<std::map<std::string, ListenerData*>::iterator, bool> ret;
        ret = listenerMap.insert(std::map<std::string, ListenerData*>::value_type(call_id, ld));
        continue;
      }

      if(!it->second->running1_ && !it->second->running2_) {
        cLog.msg(Log::PRIO_NOTICE) << "listenerManager both threads for '" << call_id << "' exited, cleaning up";
        if(it->second->thread1_) {
          it->second->thread1_->join();
          delete it->second->thread1_;
        }
        if(it->second->thread2_) {
          it->second->thread2_->join();
          delete it->second->thread2_;
        }
        delete it->second;
        listenerMap.erase(it);
        gRtpSessionTable.delSession(call_id);
        continue;
      }
      // TODO: reinit if session changed
    } catch(std::exception& e) {
      cLog.msg(Log::PRIO_ERR) << "listenerManager restarting after exception: " << e.what();
      usleep(500); // in case of an hard error don't block cpu (this is ugly)
    }
  }
  cLog.msg(Log::PRIO_ERR) << "listenerManager exiting because of unknown reason";
}

void chrootAndDrop(string const& chrootdir, string const& username)
{
  if(getuid() != 0) {
    std::cerr << "this program has to be run as root in order to run in a chroot" << std::endl;
    exit(-1);
  }

  struct passwd* pw = getpwnam(username.c_str());
  if(pw) {
    if(chroot(chrootdir.c_str())) {
      std::cerr << "can't chroot to " << chrootdir << std::endl;
      exit(-1);
    }
    std::cout << "we are in chroot jail (" << chrootdir << ") now" << std::endl;
    chdir("/");
    if(initgroups(pw->pw_name, pw->pw_gid) || setgid(pw->pw_gid) || setuid(pw->pw_uid)) {
      std::cerr << "can't drop to user " << username << " " << pw->pw_uid << ":" << pw->pw_gid << std::endl;
      exit(-1);
    }
    std::cout << "dropped user to " << username << " " << pw->pw_uid << ":" << pw->pw_gid << std::endl; 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.