
rhel 7
obsolete weakness #264

1

Weakness Breakdown


Definition:

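An obsolete weakness occurs when a system is built with deprecated or obsolete functions. As a programming language and its libraries evolve, some functions occasionally become obsolete; code that keeps calling them can end up depending on behavior that is no longer specified or maintained.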

Warning code(s):

This C routine is considered obsolete.

File Name:

opa-fm-10.9.0.0.204/Esm/ib/src/linux/startup/opafmd.c

Context:

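The highlighted line of code below is the trigger point of this particular Red Hat Enterprise Linux 7 obsolete weakness. (The highlighting is not preserved in this text. The call in the excerpt that appears to match the warning is `usleep()` in the wait loop, which POSIX.1-2008 removed; `nanosleep()` is the usual replacement.)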

 				comp = "fe";
			}
			break;
		case 'h':
			if (strcmp(arg, "halt")){
				fprintf(stderr, "Unknown parameter %s\n", arg);
				Usage(1);
			} else {
				int fd;
				if((fd = open(OPAFMD_PIPE, O_WRONLY|O_NONBLOCK)) == -1){
					// Daemon is already stopped
					exit(0);
				}
				res = write (fd, "stop\n", 5);	// write stop command without parameters to named pipe to kill it
				if(res <= 0){
					//Something went wrong while writing to pipe.
					fprintf(stderr, "Failed to send stop command to daemon: %s\n", strerror(errno));
					close(fd);
					exit(2);
				}
				close(fd);

				// Wait until the pipe stops existing.
				while (access(OPAFMD_PIPE, F_OK) != -1) {
					usleep(100000);
				}
				exit(0);
			}
		default:
			fprintf(stderr, "Unknown parameter %s\n", arg);
			Usage(1);
		}
	}
	if(isDaemon){
		if (isDebug) {
			// don't fork if debug
			return daemon_main();
		}	
		// Here we fork the daemon and if successful...
		switch(fork()){
		case 0:
			// daemon inits it's main loop
			return daemon_main();
		case -1:
			fprintf(stderr, "Failed to fork.\n");
			return 2;
		default:
			return 0;
		}
	} else { 
