Skip to content

tmpnam is insecure #4

New issue
New issue
Open
Open
tmpnam is insecure#4
@xpunkt

Description

@xpunkt
xpunkt
opened on Jan 22, 2025

xpoint@tux /crashmail-master $ make linux
mkdir -p bin
make -C src -f Makefile linux
make[1]: Entering directory '/home/xpoint/crashmail-master/src'
mkdir -p obj
make -C cmnllib -f Makefile.linux
make[2]: Entering directory '/home/xpoint/crashmail-master/src/cmnllib'
gcc -DPLATFORM_LINUX -I ../ -Wall -c cmnllib.c -o cmnllib.o
ar -ru cmnllib.a cmnllib.o
ar: creating cmnllib.a
make[2]: Leaving directory '/home/xpoint/crashmail-master/src/cmnllib'
make -C jamlib -f Makefile.linux
make[2]: Entering directory '/home/xpoint/crashmail-master/src/jamlib'
gcc -D__LINUX__ -Wall -c crc32.c -o crc32.o
gcc -D__LINUX__ -Wall -c mbase.c -o mbase.o
gcc -D__LINUX__ -Wall -c message.c -o message.o
gcc -D__LINUX__ -Wall -c lastread.c -o lastread.o
gcc -D__LINUX__ -Wall -c subpack.c -o subpack.o
gcc -D__LINUX__ -Wall -c structrw.c -o structrw.o
ar -ru jamlib.a crc32.o mbase.o message.o lastread.o subpack.o structrw.o
ar: creating jamlib.a
make[2]: Leaving directory '/home/xpoint/crashmail-master/src/jamlib'
make -C oslib_linux
make[2]: Entering directory '/home/xpoint/crashmail-master/src/oslib_linux'
gcc -Wall -I ../ -DPLATFORM_LINUX -c osfile.c -o osfile.o
gcc -Wall -I ../ -DPLATFORM_LINUX -c osdir.c -o osdir.o
gcc -Wall -I ../ -DPLATFORM_LINUX -c osmisc.c -o osmisc.o
gcc -Wall -I ../ -DPLATFORM_LINUX -c osmem.c -o osmem.o
gcc -Wall -I ../ -DPLATFORM_LINUX -c ospattern.c -o ospattern.o
gcc -Wall -I ../ -DPLATFORM_LINUX -c os.c -o os.o
ar -ru oslib.a osfile.o osdir.o osmisc.o osmem.o ospattern.o os.o
ar: creating oslib.a
make[2]: Leaving directory '/home/xpoint/crashmail-master/src/oslib_linux'
make -f Makefile.linux
make[2]: Entering directory '/home/xpoint/crashmail-master/src'
gcc -DPLATFORM_LINUX -DMSGBASE_MSG -DMSGBASE_JAM -DNODELIST_CMNL -DNODELIST_V7P -I ./ -Wall -c crashmail/crashmail.c -o obj/crashmail.o
gcc -DPLATFORM_LINUX -DMSGBASE_MSG -DMSGBASE_JAM -DNODELIST_CMNL -DNODELIST_V7P -I ./ -Wall -c crashmail/logwrite.c -o obj/logwrite.o
gcc -DPLATFORM_LINUX -DMSGBASE_MSG -DMSGBASE_JAM -DNODELIST_CMNL -DNODELIST_V7P -I ./ -Wall -c crashmail/dupe.c -o obj/dupe.o
gcc -DPLATFORM_LINUX -DMSGBASE_MSG -DMSGBASE_JAM -DNODELIST_CMNL -DNODELIST_V7P -I ./ -Wall -c crashmail/stats.c -o obj/stats.o
gcc -DPLATFORM_LINUX -DMSGBASE_MSG -DMSGBASE_JAM -DNODELIST_CMNL -DNODELIST_V7P -I ./ -Wall -c crashmail/misc.c -o obj/misc.o
gcc -DPLATFORM_LINUX -DMSGBASE_MSG -DMSGBASE_JAM -DNODELIST_CMNL -DNODELIST_V7P -I ./ -Wall -c crashmail/safedel.c -o obj/safedel.o
gcc -DPLATFORM_LINUX -DMSGBASE_MSG -DMSGBASE_JAM -DNODELIST_CMNL -DNODELIST_V7P -I ./ -Wall -c crashmail/toss.c -o obj/toss.o
gcc -DPLATFORM_LINUX -DMSGBASE_MSG -DMSGBASE_JAM -DNODELIST_CMNL -DNODELIST_V7P -I ./ -Wall -c crashmail/pkt.c -o obj/pkt.o
gcc -DPLATFORM_LINUX -DMSGBASE_MSG -DMSGBASE_JAM -DNODELIST_CMNL -DNODELIST_V7P -I ./ -Wall -c crashmail/mb.c -o obj/mb.o
gcc -DPLATFORM_LINUX -DMSGBASE_MSG -DMSGBASE_JAM -DNODELIST_CMNL -DNODELIST_V7P -I ./ -Wall -c crashmail/nl.c -o obj/nl.o
gcc -DPLATFORM_LINUX -DMSGBASE_MSG -DMSGBASE_JAM -DNODELIST_CMNL -DNODELIST_V7P -I ./ -Wall -c crashmail/handle.c -o obj/handle.o
gcc -DPLATFORM_LINUX -DMSGBASE_MSG -DMSGBASE_JAM -DNODELIST_CMNL -DNODELIST_V7P -I ./ -Wall -c crashmail/node4dpat.c -o obj/node4dpat.o
gcc -DPLATFORM_LINUX -DMSGBASE_MSG -DMSGBASE_JAM -DNODELIST_CMNL -DNODELIST_V7P -I ./ -Wall -c crashmail/config.c -o obj/config.o
gcc -DPLATFORM_LINUX -DMSGBASE_MSG -DMSGBASE_JAM -DNODELIST_CMNL -DNODELIST_V7P -I ./ -Wall -c crashmail/memmessage.c -o obj/memmessage.o
gcc -DPLATFORM_LINUX -DMSGBASE_MSG -DMSGBASE_JAM -DNODELIST_CMNL -DNODELIST_V7P -I ./ -Wall -c crashmail/scan.c -o obj/scan.o
gcc -DPLATFORM_LINUX -DMSGBASE_MSG -DMSGBASE_JAM -DNODELIST_CMNL -DNODELIST_V7P -I ./ -Wall -c crashmail/outbound.c -o obj/outbound.o
crashmail/outbound.c: In function 'HandleOrphan':
crashmail/outbound.c:478:4: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
478 | if(doAddFlow(buf,basename,type,mode))
| ^
crashmail/outbound.c:481:9: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if'
481 | UnlockBasename(basename);
| ^~~~~~~~~~~~~~
gcc -DPLATFORM_LINUX -DMSGBASE_MSG -DMSGBASE_JAM -DNODELIST_CMNL -DNODELIST_V7P -I ./ -Wall -c crashmail/filter.c -o obj/filter.o
crashmail/filter.c: In function 'filter_evalfunc':
crashmail/filter.c:481:37: warning: '%s' directive writing up to 99 bytes into a region of size 83 [-Wformat-overflow=]
481 | sprintf(errbuf,"Unknown variable %s",var);
| ^~ ~~~
crashmail/filter.c:481:4: note: 'sprintf' output between 18 and 117 bytes into a destination of size 100
481 | sprintf(errbuf,"Unknown variable %s",var);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
crashmail/filter.c:456:57: warning: '%s' directive writing up to 99 bytes into a region of size 69 [-Wformat-overflow=]
456 | sprintf(errbuf,"Nodelist required for variable %s",var);
| ^~ ~~~
crashmail/filter.c:456:10: note: 'sprintf' output between 32 and 131 bytes into a destination of size 100
456 | sprintf(errbuf,"Nodelist required for variable %s",var);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
crashmail/filter.c:440:57: warning: '%s' directive writing up to 99 bytes into a region of size 69 [-Wformat-overflow=]
440 | sprintf(errbuf,"Nodelist required for variable %s",var);
| ^~ ~~~
crashmail/filter.c:440:10: note: 'sprintf' output between 32 and 131 bytes into a destination of size 100
440 | sprintf(errbuf,"Nodelist required for variable %s",var);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
crashmail/filter.c:424:57: warning: '%s' directive writing up to 99 bytes into a region of size 69 [-Wformat-overflow=]
424 | sprintf(errbuf,"Nodelist required for variable %s",var);
| ^~ ~~~
crashmail/filter.c:424:10: note: 'sprintf' output between 32 and 131 bytes into a destination of size 100
424 | sprintf(errbuf,"Nodelist required for variable %s",var);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
crashmail/filter.c:408:57: warning: '%s' directive writing up to 99 bytes into a region of size 69 [-Wformat-overflow=]
408 | sprintf(errbuf,"Nodelist required for variable %s",var);
| ^~ ~~~
crashmail/filter.c:408:10: note: 'sprintf' output between 32 and 131 bytes into a destination of size 100
408 | sprintf(errbuf,"Nodelist required for variable %s",var);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
crashmail/filter.c: In function 'Filter_Remap':
crashmail/filter.c:805:63: warning: '%u' directive writing between 1 and 5 bytes into a region of size between 3 and 66 [-Wformat-overflow=]
805 | sprintf(buf,"\x01Remapped to %s at %u:%u/%u.%u by %u:%u/%u.%u\x0d",
| ^~
crashmail/filter.c:805:16: note: directive argument in the range [0, 65535]
805 | sprintf(buf,"\x01Remapped to %s at %u:%u/%u.%u by %u:%u/%u.%u\x0d",
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
crashmail/filter.c:805:4: note: 'sprintf' output between 37 and 104 bytes into a destination of size 100
805 | sprintf(buf,"\x01Remapped to %s at %u:%u/%u.%u by %u:%u/%u.%u\x0d",
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
806 | newto,
| ~~~~~~
807 | newdest4d.Zone,
| ~~~~~~~~~~~~~~~
808 | newdest4d.Net,
| ~~~~~~~~~~~~~~
809 | newdest4d.Node,
| ~~~~~~~~~~~~~~~
810 | newdest4d.Point,
| ~~~~~~~~~~~~~~~~
811 | my4d.Zone,
| ~~~~~~~~~~
812 | my4d.Net,
| ~~~~~~~~~
813 | my4d.Node,
| ~~~~~~~~~~
814 | my4d.Point);
| ~~~~~~~~~~~
gcc -DPLATFORM_LINUX -DMSGBASE_MSG -DMSGBASE_JAM -DNODELIST_CMNL -DNODELIST_V7P -I ./ -Wall -c crashmail/areafix.c -o obj/areafix.o
crashmail/areafix.c: In function 'rawSendInfo':
crashmail/areafix.c:1415:13: warning: the comparison will always evaluate as 'true' for the address of 'cfg_GroupNames' will never be NULL [-Waddress]
1415 | if(config.cfg_GroupNames[c-'A'])
| ^~~~~~
In file included from crashmail/mb.h:6,
from crashmail/crashmail.h:31,
from crashmail/areafix.c:1:
crashmail/config.h:324:9: note: 'cfg_GroupNames' declared here
324 | char cfg_GroupNames[30][80];
| ^~~~~~~~~~~~~~
crashmail/areafix.c: In function 'SendRemoveMessages':
crashmail/areafix.c:812:36: warning: '" has been removed by the up...' directive writing 34 bytes into a region of size between 11 and 90 [-Wformat-overflow=]
812 | sprintf(buf,"The area "%s" has been removed by the uplink.\x0d",area->Tagname);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
crashmail/areafix.c:812:10: note: 'sprintf' output between 45 and 124 bytes into a destination of size 100
812 | sprintf(buf,"The area "%s" has been removed by the uplink.\x0d",area->Tagname);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
crashmail/areafix.c: In function 'afSendMessage':
crashmail/areafix.c:1506:45: warning: ' (part ' directive writing 7 bytes into a region of size between 1 and 72 [-Wformat-overflow=]
1506 | sprintf(afr->mm->Subject,"%s (part %d)",afr->subject,afr->part);
| ^~~~~~~
crashmail/areafix.c:1506:42: note: using the range [-2147483648, 2147483647] for directive argument
1506 | sprintf(afr->mm->Subject,"%s (part %d)",afr->subject,afr->part);
| ^~~~~~~~~~~~~~
crashmail/areafix.c:1506:17: note: 'sprintf' output between 10 and 91 bytes into a destination of size 72
1506 | sprintf(afr->mm->Subject,"%s (part %d)",afr->subject,afr->part);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
crashmail/areafix.c: In function 'afAddLine':
crashmail/areafix.c:1478:35: warning: ' (part ' directive writing 7 bytes into a region of size between 1 and 72 [-Wformat-overflow=]
1478 | sprintf(afr->mm->Subject,"%s (part %d)",afr->subject,afr->part);
| ^~~~~~~
crashmail/areafix.c:1478:32: note: using the range [-2147483648, 2147483647] for directive argument
1478 | sprintf(afr->mm->Subject,"%s (part %d)",afr->subject,afr->part);
| ^~~~~~~~~~~~~~
crashmail/areafix.c:1478:7: note: 'sprintf' output between 10 and 91 bytes into a destination of size 72
1478 | sprintf(afr->mm->Subject,"%s (part %d)",afr->subject,afr->part);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
gcc -DPLATFORM_LINUX -DMSGBASE_MSG -DMSGBASE_JAM -DNODELIST_CMNL -DNODELIST_V7P -I ./ -Wall -c shared/jblist.c -o obj/jblist.o
gcc -DPLATFORM_LINUX -DMSGBASE_MSG -DMSGBASE_JAM -DNODELIST_CMNL -DNODELIST_V7P -I ./ -Wall -c shared/jbstrcpy.c -o obj/jbstrcpy.o
gcc -DPLATFORM_LINUX -DMSGBASE_MSG -DMSGBASE_JAM -DNODELIST_CMNL -DNODELIST_V7P -I ./ -Wall -c shared/mystrncpy.c -o obj/mystrncpy.o
gcc -DPLATFORM_LINUX -DMSGBASE_MSG -DMSGBASE_JAM -DNODELIST_CMNL -DNODELIST_V7P -I ./ -Wall -c shared/parseargs.c -o obj/parseargs.o
gcc -DPLATFORM_LINUX -DMSGBASE_MSG -DMSGBASE_JAM -DNODELIST_CMNL -DNODELIST_V7P -I ./ -Wall -c shared/node4d.c -o obj/node4d.o
gcc -DPLATFORM_LINUX -DMSGBASE_MSG -DMSGBASE_JAM -DNODELIST_CMNL -DNODELIST_V7P -I ./ -Wall -c shared/expr.c -o obj/expr.o
gcc -DPLATFORM_LINUX -DMSGBASE_MSG -DMSGBASE_JAM -DNODELIST_CMNL -DNODELIST_V7P -I ./ -Wall -c shared/path.c -o obj/path.o
gcc -DPLATFORM_LINUX -DMSGBASE_MSG -DMSGBASE_JAM -DNODELIST_CMNL -DNODELIST_V7P -I ./ -Wall -c crashmail/nl_v7p.c -o obj/nl_v7p.o
gcc -DPLATFORM_LINUX -DMSGBASE_MSG -DMSGBASE_JAM -DNODELIST_CMNL -DNODELIST_V7P -I ./ -Wall -c crashmail/nl_cmnl.c -o obj/nl_cmnl.o
gcc -DPLATFORM_LINUX -DMSGBASE_MSG -DMSGBASE_JAM -DNODELIST_CMNL -DNODELIST_V7P -I ./ -Wall -c crashmail/mb_msg.c -o obj/mb_msg.o
gcc -DPLATFORM_LINUX -DMSGBASE_MSG -DMSGBASE_JAM -DNODELIST_CMNL -DNODELIST_V7P -I ./ -Wall -c crashmail/mb_jam.c -o obj/mb_jam.o
gcc -DPLATFORM_LINUX -DMSGBASE_MSG -DMSGBASE_JAM -DNODELIST_CMNL -DNODELIST_V7P -I ./ -Wall -o ../bin/crashmail obj/crashmail.o obj/logwrite.o obj/dupe.o obj/stats.o obj/misc.o obj/safedel.o obj/toss.o obj/pkt.o obj/mb.o obj/nl.o obj/handle.o obj/node4dpat.o obj/config.o obj/memmessage.o obj/scan.o obj/outbound.o obj/filter.o obj/areafix.o obj/jblist.o obj/jbstrcpy.o obj/mystrncpy.o obj/parseargs.o obj/node4d.o obj/expr.o obj/path.o obj/nl_v7p.o obj/nl_cmnl.o cmnllib/cmnllib.a obj/mb_msg.o obj/mb_jam.o jamlib/jamlib.a oslib_linux/oslib.a
/usr/lib/gcc/x86_64-pc-linux-gnu/14/../../../../x86_64-pc-linux-gnu/bin/ld: obj/handle.o:(.bss+0x0): multiple definition of lastt'; obj/pkt.o:(.bss+0x10): first defined here /usr/lib/gcc/x86_64-pc-linux-gnu/14/../../../../x86_64-pc-linux-gnu/bin/ld: obj/filter.o: in function Filter_Execute':
filter.c:(.text+0x21e7): warning: the use of tmpnam' is dangerous, better use mkstemp'
collect2: error: ld returned 1 exit status
make[2]: *** [Makefile.linux:82: ../bin/crashmail] Error 1
make[2]: Leaving directory '/home/xpoint/crashmail-master/src'
make[1]: *** [Makefile:19: linux] Error 2
make[1]: Leaving directory '/home/xpoint/crashmail-master/src'
make: *** [Makefile:17: linux] Error 2
xpoint@tux ~/crashmail-master $

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions