
rhel 7
obsolete weakness #268


Weakness Breakdown


Definition:

An obsolete weakness occurs when someone uses deprecated or obsolete functions when building a system. As a programming language evolves, some functions occasionally become obsolete.

Warning code(s):

This C routine is considered obsolete.

File Name:

opa-fm-10.9.0.0.204/Esm/ib/test/linux/usr/qp1source.c

Context:

The highlighted line of code below (the usleep(delay) call, the only obsolete C routine in this excerpt) is the trigger point of this particular Red Hat Enterprise Linux 7 obsolete weakness.

//
//      Initialize the MAI subsystem and open the port.
//
        mai_init();
        status=ib_init_devport(&dev, &port, NULL, NULL);
        if (status)
          {
            printf("ib_init_devport failed, %d\n",status);
            exit(1);
          }
        status = mai_open(1, 0, port, &fd);
        if (status != VSTATUS_OK) {
                fprintf(stderr, "Can't open MAI (%d)\n", status);
                exit(0);
        }

//
//      Setup the data for a MAD.
//
        Mai_Init(&out_mai);
        AddrInfo_Init(&out_mai, slid, dlid, 0, STL_DEFAULT_FM_PKEY, MAI_GSI_QP, MAI_GSI_QP, GSI_WELLKNOWN_QKEY);

    while (count != 0)
    {
        usleep(delay);
        LRMad_Init(&out_mai, MAD_CV_SUBN_LR, MAD_CM_SEND, tid++, 0x10, 0x0, 0x0);

        //
        //      Send the request.
        //
        status = mai_send(fd, &out_mai);
        if (status != VSTATUS_OK) {
            fprintf(stderr, "Can't send a MAD (%d)\n", status);
            mai_close(fd);
            exit(1);
        }

        if (count > 0)
            count--;
    }

        mai_close(fd);
        exit(0);
} 
