alpine 3.6
access weakness #105

1

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions, which can have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but are not changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

lua-cqueues/src/cqueues-rel-20161215/src/lib/socket.c

Context:

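The highlighted line of code below is the trigger point of this particular Alpine 3.6 access weakness. (The highlighting is not preserved in this text. Given the warning above, the flagged line is presumably the `umask(opts->sun_mask & 0777)` call inside so_bind, where the mask applied while the socket file is created comes from the caller-supplied options.)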

 

/*
 * Function-like wrapper: a call written as so_bind(...) expands to
 * `SO_EXTENSION so_bind(...)`. The function definition that follows writes
 * the name as `(so_bind)` so that this macro is not expanded there.
 * SO_EXTENSION is defined outside this excerpt.
 */
#define so_bind(...) SO_EXTENSION so_bind(__VA_ARGS__)

/*
 * Bind fd to the address in arg, applying the AF_UNIX-specific options in
 * opts (sun_unlink, sun_mode, sun_mask) when the address is a Unix socket.
 *
 * Returns 0 on success. On failure returns errno for the AF_UNIX path and
 * so_soerr() for every other address family.
 *
 * Permission handling for AF_UNIX (the part the scanner warning is about):
 *   - sun_mask, when non-zero, is installed as the umask only for the
 *     duration of bind() and then restored. umask() is process-wide, so any
 *     other thread creating files in that window sees the temporary mask.
 *   - When sun_mask is zero no mask is set here; the socket file's initial
 *     mode is then governed by whatever umask the process already has.
 *   - sun_mode is applied with fchmod() on the descriptor before bind()
 *     where that works, otherwise with chmod() on the path after bind().
 *     In the fallback case the file exists with its umask-derived mode
 *     until chmod() runs, and chmod() resolves the path again.
 *   - If the trailing chmod() fails, errno is returned but the socket has
 *     already been bound.
 */
int (so_bind)(int fd, sockaddr_arg_t arg, const struct so_options *opts) {
#if SA_UNIX
	if (*sa_family(arg) == AF_UNIX) {
		/* One byte larger than sun_path and zero-filled, so the copy is
		 * always NUL-terminated even if sun_path itself is not. */
		char sunpath[sizeof sockaddr_ref(arg).sun->sun_path + 1] = { 0 };
		_Bool need_chmod = 0;
		mode_t saved_mask = 0;
		int rc = 0;

		strncpy(sunpath, sockaddr_ref(arg).sun->sun_path, sizeof sunpath - 1);

		/* Best effort: remove a stale socket file; the result is ignored.
		 * Skipped when the path starts with a NUL byte. */
		if (*sunpath && opts->sun_unlink)
			(void)unlink(sunpath);

		if (opts->sun_mode) {
			if (0 != fchmod(fd, (opts->sun_mode & 0777))) {
				if (errno != EINVAL) /* BSDs return EINVAL */
					return errno;

				/* fchmod() on the socket is unsupported here; fall back
				 * to chmod() on the path once the file exists. */
				need_chmod = 1;
			}
		}

		/* Only touch the process umask when the caller asked for a mask. */
		if (opts->sun_mask)
			saved_mask = umask(opts->sun_mask & 0777);

		/* Capture errno before umask() is called again. */
		if (0 != bind(fd, sockaddr_ref(arg).sa, sa_len(arg)))
			rc = errno;

		if (opts->sun_mask)
			umask(saved_mask);

		if (rc)
			return rc;

		if (need_chmod && *sunpath) {
			if (0 != chmod(sunpath, (opts->sun_mode & 0777)))
				return errno;
		}

		return 0;
	}
#endif

	return (0 == bind(fd, sockaddr_ref(arg).sa, sa_len(arg)))? 0 : so_soerr();
} /* so_bind() */


void so_closesocket(int *fd, const struct so_options *opts) {
	if (opts && opts->fd_close.cb) 
