alpine 3.6
access weakness #288

1

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions that could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but do not get changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

mmh/src/mmh-0.3/sbr/m_mktemp.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 access weakness.

 
	if (pfx_in == NULL) {
		snprintf(tmpfil, sizeof(tmpfil), "%s/nmhXXXXXX",
				get_temp_dir());
	} else {
		snprintf(tmpfil, sizeof(tmpfil), "%sXXXXXX", pfx_in);
	}

	fd = mkstemp(tmpfil);
	if (fd < 0) {
		umask(oldmode);
		return NULL;
	}
	if (fd_ret != NULL) {
		*fd_ret = fd;
		keep_open = 1;
	}
	if (fp_ret != NULL) {
		FILE *fp = fdopen(fd, "w+");
		if (fp == NULL) {
			int olderr = errno;
			unlink(tmpfil);
			close(fd);
			errno = olderr;
			umask(oldmode);
			return NULL;
		}
		*fp_ret = fp;
		keep_open = 1;
	}
	if (!keep_open) {
		close(fd);
	}
	umask(oldmode);
	return tmpfil;
}

/*
** This version allows one to specify the directory the temp file should
** by created based on a given pathname.  Although m_mktemp() technically
** supports this, this version is when the directory is defined by
** a separate variable from the prefix, eliminating the caller from having
** to do string manipulation to generate the desired. pathname prefix.
**
** The pfx_in parameter specifies a basename prefix for the file.  If dir_in
** is NULL, then the defined temporary directory (see comments to m_mktemp()
** above) is used to create the temp file.
*/
char *
m_mktemp2( 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.