
Irssi : Irssi analysis 1 : Insecure Temporary File  at dcc-get.c:218

Categories: POSIX.FUNCS.INSECURE CWE:377
Warning ID: 611.611
Procedure: sig_dccget_connected
Modified: Wed Sep 2 11:35:35 2009
 
Priority: None
State: None
Finding: None
Owner: None

Source  |  Language: C
Problem | Line | Source
   /u1/paul/SATE/2010/c/irssi/irssi-0.8.14/src/irc/dcc/dcc-get.c
   Enter sig_dccget_connected
 208  
 209                 /* we want to overwrite the file, remove it here.
 210                    if it gets created after this, we'll fail. */ 
 211                 unlink(dcc->file);   /* File System Race Condition (ID: 2200.2205) */
 212  
 213                 /* just to make sure we won't run into race conditions 
 214                    if download_path is in some global temp directory */ 
 215                 tempfname = g_strconcat(dcc->file, ".XXXXXX", NULL);
 216  
 217                 old_umask = umask(0077);
 218                 temphandle = mkstemp(tempfname);     /* Insecure Temporary File: Use of "mkstemp" */
 219                 umask(old_umask);
 220  
 221                 if (temphandle == -1)
 222                         ret = -1;
 223                 else 
 224                         ret = fchmod(temphandle, dcc_file_create_mode);
 225  
 226                 if (ret != -1) {
 227                         ret = link(tempfname, dcc->file);   /* File System Race Condition (ID: 2198.2203) */
 228  



