alpine 3.6
access weakness #301

1

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions that could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but do not get changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

mmh/src/mmh-0.3/sbr/m_mktemp.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 access weakness.

 **  follows, in order:
**
**    MHTMPDIR envvar
**    TMPDIR envvar
**    TMP envvar
**    User's mail directory.
**
**  NOTE: One will probably use m_mktemp2() instead of this function.
**  For example, if you want to create a temp file in the defined
**  temporary directory, but with a custom basename prefix, do
**  something like the following:
**
**    char *tmp_pathname = m_mktemp2(NULL, "mypre", ...);
*/
char *
m_mktemp(
	const char *pfx_in,  /* Pathname prefix for temporary file. */
	int *fd_ret,         /* (return,opt.) File descriptor to temp file. */
	FILE **fp_ret        /* (return,opt.) FILE pointer to temp file. */
)
{
	static char tmpfil[BUFSIZ];
	int fd = -1;
	int keep_open = 0;
	mode_t oldmode = umask(077);

	if (pfx_in == NULL) {
		snprintf(tmpfil, sizeof(tmpfil), "%s/nmhXXXXXX",
				get_temp_dir());
	} else {
		snprintf(tmpfil, sizeof(tmpfil), "%sXXXXXX", pfx_in);
	}

	fd = mkstemp(tmpfil);
	if (fd < 0) {
		umask(oldmode);
		return NULL;
	}
	if (fd_ret != NULL) {
		*fd_ret = fd;
		keep_open = 1;
	}
	if (fp_ret != NULL) {
		FILE *fp = fdopen(fd, "w+");
		if (fp == NULL) {
			int olderr = errno;
			unlink(tmpfil);
			close(fd);
			errno = olderr;
			umask(oldmode); 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.