The software specifies permissions for a security-critical resource in a way that allows the resource to be read or modified by unintended actors.
bind-9.9.4/bin/tests/pkcs11/benchmarks/genrsa.c
The highlighted line of code below is the trigger point of this particular CentOS 7 misc weakness.
*/
/* $Id$ */
/* genrsa [-m module] [-s $slot] [-p pin] [-t] [-b bits] [-n count] */
/*! \file */
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
#include <isc/commandline.h>
#include <isc/result.h>
#include <isc/types.h>
#include <pk11/pk11.h>
#include <pk11/result.h>
/*
 * PIN prompt compatibility shim.
 *
 * Unless configure found getpassphrase() (HAVE_GETPASSPHRASE) or the
 * build targets Solaris (__SVR4 && __sun), getpassphrase() is mapped
 * onto getpass().
 *
 * NOTE(review): getpass() is a legacy interface that returns a pointer
 * to a static buffer, so a PIN read through it stays in process memory
 * until the caller overwrites it. Code using this macro should wipe
 * the returned buffer once the PIN has been handed to the token.
 */
#if !defined(HAVE_GETPASSPHRASE) && !(defined(__SVR4) && defined(__sun))
#define getpassphrase(prompt) getpass(prompt)
#endif
#ifndef HAVE_CLOCK_GETTIME
#ifndef CLOCK_REALTIME
#define CLOCK_REALTIME 0
#endif

/*
 * Fallback clock_gettime() for builds where HAVE_CLOCK_GETTIME is not
 * defined.
 *
 * The clock id is accepted for signature compatibility only and is
 * ignored: every call reads the wall clock through gettimeofday(), so
 * the value has microsecond resolution and follows any adjustment of
 * the system time.
 *
 * id: ignored.
 * tp: receives the current time; dereferenced without a NULL check,
 *     so it must point to valid storage.
 *
 * Returns the gettimeofday() result: 0 on success, otherwise its
 * non-zero error return, in which case *tp is left untouched.
 */
int
clock_gettime(int32_t id, struct timespec *tp)
{
	struct timeval now;
	int rc;

	(void)id;

	rc = gettimeofday(&now, NULL);
	if (rc != 0)
		return (rc);

	/* Convert the microsecond field to nanoseconds. */
	tp->tv_sec = now.tv_sec;
	tp->tv_nsec = (long) now.tv_usec * 1000;
	return (0);
}
#endif
/*
 * File-scope PKCS#11 boolean constants.
 *
 * Presumably referenced by address from the CK_ATTRIBUTE templates
 * used for key generation later in this file (not visible in this
 * excerpt) -- confirm against the templates.
 *
 * NOTE(review): this file is presented as an instance of a
 * permission-assignment weakness. When auditing it, check which key
 * attributes are given truevalue and which falsevalue, since those
 * choices decide who may read or use the generated key objects.
 */
static CK_BBOOL falsevalue = FALSE;
static CK_BBOOL truevalue = TRUE;