alpine 3.6
access weakness #287

1

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions that could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but do not get changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

mmh/src/mmh-0.3/sbr/m_mktemp.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 access weakness.

 **
**    char *tmp_pathname = m_mktemp2(NULL, "mypre", ...);
*/
char *
m_mktemp(
	const char *pfx_in,  /* Pathname prefix for temporary file. */
	int *fd_ret,         /* (return,opt.) File descriptor to temp file. */
	FILE **fp_ret        /* (return,opt.) FILE pointer to temp file. */
)
{
	static char tmpfil[BUFSIZ];
	int fd = -1;
	int keep_open = 0;
	mode_t oldmode = umask(077);

	if (pfx_in == NULL) {
		snprintf(tmpfil, sizeof(tmpfil), "%s/nmhXXXXXX",
				get_temp_dir());
	} else {
		snprintf(tmpfil, sizeof(tmpfil), "%sXXXXXX", pfx_in);
	}

	fd = mkstemp(tmpfil);
	if (fd < 0) {
		umask(oldmode);
		return NULL;
	}
	if (fd_ret != NULL) {
		*fd_ret = fd;
		keep_open = 1;
	}
	if (fp_ret != NULL) {
		FILE *fp = fdopen(fd, "w+");
		if (fp == NULL) {
			int olderr = errno;
			unlink(tmpfil);
			close(fd);
			errno = olderr;
			umask(oldmode);
			return NULL;
		}
		*fp_ret = fp;
		keep_open = 1;
	}
	if (!keep_open) {
		close(fd);
	}
	umask(oldmode);
	return tmpfil;
} 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.