Opened at 2017-01-24T08:16:28Z
Last modified at 2022-11-21T07:35:37Z
#1280 new defect
RPMLint issue call-to-mktemp
Reported by: | anonymous | Owned by: | |
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | BitlBee | Version: | Unspecified |
Keywords: | mktemp | Cc: | |
IRC client+version: | Client-independent | Operating System: | Linux |
OS version/distro: | openSUSE |
Description
I get this warning when doing builds for the latest 3.5 release.
```
[ 41s] ... removing all built rpms
[ 41s] (order: reverse bitlbee bitlbee-devel bitlbee-debuginfo bitlbee-debugsource bitlbee-doc)
[ 41s] Failed to connect to bus: No such file or directory
[ 42s]
[ 42s] RPMLINT report:
[ 42s] ===============
[ 42s] bitlbee.x86_64: W: call-to-mktemp /usr/sbin/bitlbee
[ 42s] This executable calls mktemp. As advised by the manpage (mktemp(3)), this
[ 42s] function should be avoided. Some implementations are deeply insecure, and
[ 42s] there is a race condition between the time of check and time of use (TOCTOU).
[ 42s] See http://capec.mitre.org/data/definitions/29.html for details, and contact
[ 42s] upstream to have this issue fixed.
[ 42s]
[ 42s] bitlbee.x86_64: I: binary-or-shlib-calls-gethostbyname /usr/sbin/bitlbee
[ 42s] The binary calls gethostbyname(). Please port the code to use getaddrinfo().
[ 42s]
[ 42s] 4 packages and 0 specfiles checked; 0 errors, 1 warnings.
```
Also maybe gethostbyname() -> getaddrinfo() should be taken care of.
Attachments (0)
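Added example, not part of the ticket and not BitlBee's code: the usual way to clear a call-to-mktemp warning is to let mkstemp() choose the name and create the file in one step, which closes the check-to-use window rpmlint describes. The function names and /tmp paths below are constructed for illustration; how BitlBee itself calls mktemp() is not shown on this page.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Race-free replacement for mktemp() followed by open(): mkstemp() picks the
 * name and creates the file atomically (O_CREAT|O_EXCL), so nothing can be
 * placed at that path between choosing the name and opening it.
 * tmpl must end in "XXXXXX" and is overwritten with the chosen name. */
int make_temp_file(char *tmpl)
{
    mode_t old = umask(077);   /* some older libcs did not force mode 0600 */
    int fd = mkstemp(tmpl);
    umask(old);
    return fd;                 /* -1 on error, errno set */
}

/* If a name generated elsewhere must be used, O_CREAT|O_EXCL makes open()
 * fail when anything, including a symlink, already exists at that path. */
int open_new_only(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Constructed scenario: a symlink already occupies the predicted name.
 * Returns 1 if the exclusive open refused it with EEXIST, 0 if it did not,
 * -1 if the scenario could not be set up. */
int preexisting_path_is_rejected(void)
{
    char dir[] = "/tmp/mktemp-demo-XXXXXX";   /* constructed scratch directory */
    char target[64], link_path[64];
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(link_path, sizeof link_path, "%s/predicted", dir);
    if (symlink(target, link_path) != 0) { rmdir(dir); return -1; }
    int fd = open_new_only(link_path);
    int rejected = (fd == -1 && errno == EEXIST);
    if (fd != -1) close(fd);
    unlink(link_path);
    unlink(target);            /* only exists if the open was not refused */
    rmdir(dir);
    return rejected;
}
```

A plain open() with O_CREAT but without O_EXCL on the same path would follow the symlink and create the target, which is the behaviour the TOCTOU warning is about.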
Change History (3)
comment:1 follow-up: 2 Changed at 2017-01-24T16:11:38Z by
comment:2 Changed at 2017-01-24T16:23:26Z by
Replying to dx:
What's wrong with gethostbyname?
Answering my own question: ipv4 only, apparently.
It's currently only used by the socks4 code (not socks5 or anything else). Meh.