fedora 23
race weakness #7
Weakness Breakdown
Definition:
A race condition exists when parallel code accesses shared data without proper coordination. An attack that uses a race-condition weakness takes advantage of the unsafe data access to manipulate how one of the parallel sections of code reacts. Even though each process runs as intended, the outcome is unexpected. For example, consider a bank service that depends on an encryption key that it reads from a known location. An independent cryptography service is responsible for generating the key and placing it where the bank is expected to read it in a timely manner. If the bank and cryptography services do not coordinate with each other, then the bank may read a blank encryption key before cryptography writes the key to the location. This can effectively turn off all encryption for the bank without either service, or the administrator, knowing that something has gone wrong.
Warning code(s):
File Name:
aide-0.15.1/src/gen_list.c
Context:
The highlighted line of code below is the trigger point of this particular Fedora 23 race weakness.
fs.st_rdev=0;
}
/*
Is this valid??
No, We should do this elsewhere.
*/
line->linkname=(char*)malloc(_POSIX_PATH_MAX+1);
if(line->linkname==NULL){
error(0,_("malloc failed in add_file_to_list()\n"));
abort();
}
/*
Remember to nullify the buffer, because man page says
readlink places the contents of the symbolic link path in
the buffer buf, which has size bufsiz. readlink does not
append a NUL character to buf. It will truncate the con-
tents (to a length of bufsiz characters), in case the
buffer is too small to hold all of the contents.
*/
memset(line->linkname,0,_POSIX_PATH_MAX+1);
len=readlink(line->filename,line->linkname,_POSIX_PATH_MAX+1);
/*
* We use realloc :)
*/
line->linkname=realloc(line->linkname,len+1);
} else {
line->attr&=(~DB_LINKNAME);
}
}
// vi: ts=8 sw=2 
