alpine 3.6
access weakness #496

1

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions that could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but do not get changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

dansguardian/src/dansguardian-2.12.0.3/src/DataBuffer.cpp

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 access weakness.

 			return rc;  // just return with the return code
		}
		pos += rc;
		gettimeofday(&nowadays, NULL);
		if (nowadays.tv_sec - starttime.tv_sec > timeout) {
#ifdef DGDEBUG
			std::cout << "buffered socket read more than timeout" << std::endl;
#endif
			return pos;  // just return how much got so far then
		}
	}
	return size;  // full buffer
}

// make a temp file and return its FD. only currently used in DM plugins.
int DataBuffer::getTempFileFD()
{
	if (tempfilefd > -1) {
		return tempfilefd;
	}
	tempfilepath = o.download_dir.c_str();
	tempfilepath += "/tfXXXXXX";
	char *tempfilepatharray = new char[tempfilepath.length() + 1];
	strcpy(tempfilepatharray, tempfilepath.toCharArray());
	umask(S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
	if ((tempfilefd = mkstemp(tempfilepatharray)) < 0) {
#ifdef DGDEBUG
		std::cerr << "error creating temp " << tempfilepath << ": " << strerror(errno) << std::endl;
#endif
		syslog(LOG_ERR, "Could not create temp file to store download for scanning: %s", strerror(errno));
		tempfilefd = -1;
		tempfilepath = "";
	} else {
		tempfilepath = tempfilepatharray;
	}
	delete[]tempfilepatharray;
	return tempfilefd;
}

// check the client's user agent, see if we have a DM plugin compatible with it, and use it to download the body of the given request
bool DataBuffer::in(Socket * sock, Socket * peersock, HTTPHeader * requestheader, HTTPHeader * docheader, bool runav, int *headersent)
{
	//Socket *sock = where to read from
	//Socket *peersock = browser to send stuff to for keeping it alive
	//HTTPHeader *requestheader = header client used to request
	//HTTPHeader *docheader = header used for sending first line of reply
	//bool runav = to determine if limit is av or not
	//int *headersent = to use to send the first line of header if needed
	//				  or to mark that the header has already been sent
 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.