alpine 3.6
access weakness #484

1

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions, which can have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but are never changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

avahi/src/avahi-0.6.32/avahi-autoipd/main.c

Context:

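The highlighted line of code below (one of the umask() calls in save_address()) is the trigger point of this particular Alpine 3.6 access weakness. In this function, umask(0033) clears only the write and execute bits for group and others, so a file newly created by the fopen() call that follows gets at most mode 0644 and stays readable by every local user.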

 
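/*
 * Write the IPv4 address `addr` to the file `fn` as dotted-quad text
 * followed by a newline.
 *
 * `addr` is handed to inet_ntop(AF_INET, ...) unchanged, so it is
 * presumably already in network byte order -- confirm against callers.
 *
 * Returns 0 once the text has been written and the stream closed without
 * error, -1 otherwise (the failure is logged through daemon_log()).
 *
 * Permissions: the process umask is switched to 0033 only around fopen().
 * fopen() creates files with mode 0666, so a newly created file ends up
 * no more permissive than 0644 (rw-r--r--): writable by the owner only,
 * readable by everyone. An already existing file keeps its current mode.
 * NOTE(review): if the stored address must not be readable by other local
 * users, a mask of 0077 is the restrictive choice -- check who reads `fn`
 * before tightening. fopen(.., "w") also follows symbolic links, so `fn`
 * should live in a directory that only this daemon's user can write to.
 * umask() is process-wide; this assumes no other thread creates files
 * during the short window in which the mask is changed.
 */
static int save_address(const char *fn, uint32_t addr) {
    FILE *f;
    char buf[32];
    const char *text;
    mode_t u;
    int saved_errno;

    assert(fn);

    /* Format first: a NULL result must never reach fprintf("%s"). */
    text = inet_ntop(AF_INET, &addr, buf, sizeof (buf));
    if (!text) {
        daemon_log(LOG_ERR, "inet_ntop() failed: %s", strerror(errno));
        return -1;
    }

    /* Keep the modified umask in force for the fopen() call only and
     * restore the caller's mask on every path. */
    u = umask(0033);
    f = fopen(fn, "w");
    saved_errno = errno;
    umask(u);

    if (!f) {
        daemon_log(LOG_ERR, "fopen() failed: %s", strerror(saved_errno));
        return -1;
    }

    if (fprintf(f, "%s\n", text) < 0) {
        daemon_log(LOG_ERR, "fprintf() failed: %s", strerror(errno));
        fclose(f);
        return -1;
    }

    /* Buffered data is flushed by fclose(); a failure here means the
     * address may not have reached the file. */
    if (fclose(f) != 0) {
        daemon_log(LOG_ERR, "fclose() failed: %s", strerror(errno));
        return -1;
    }

    return 0;
}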

/*
 * Allocate a buffer with two pointers in front, one of which is
 * guaranteed to point ETHER_HDR_SIZE bytes into it.
 */
static ArpPacket* packet_new(size_t packet_len) {
    ArpPacket *p;
    uint8_t *b;

    assert(packet_len > 0);

#ifdef __linux__
    b = avahi_new0(uint8_t, sizeof(struct ArpPacket) + packet_len);
    p = (ArpPacket*) b;
    p->ether_header = NULL;
    p->ether_payload = b + sizeof(struct ArpPacket);

#else
    b = avahi_new0(uint8_t, sizeof(struct ArpPacket) + ETHER_HDR_SIZE + packet_len);
    p = (ArpPacket*) b;
    p->ether_header = b + sizeof(struct ArpPacket);
    p->ether_payload = b + sizeof(struct ArpPacket) + ETHER_HDR_SIZE; 
