You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "Leif Hedstrom (JIRA)" <ji...@apache.org> on 2015/11/09 18:21:11 UTC
[jira] [Updated] (TS-4003) CID 1338381 & 1022062: in traffic_cop
[ https://issues.apache.org/jira/browse/TS-4003?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Leif Hedstrom updated TS-4003:
------------------------------
Fix Version/s: 6.1.0
> CID 1338381 & 1022062: in traffic_cop
> -------------------------------------
>
> Key: TS-4003
> URL: https://issues.apache.org/jira/browse/TS-4003
> Project: Traffic Server
> Issue Type: Bug
> Components: Cop
> Reporter: Leif Hedstrom
> Fix For: 6.1.0
>
>
> {code}
> *** CID 1338381: Security best practices violations (STRING_OVERFLOW)
> /cmd/traffic_cop/traffic_cop.cc: 759 in spawn_manager()()
> 753
> 754 // Bind stdout and stderr of traffic_manager to traffic.out
> 755 int max_opts_len = OPTIONS_LEN_MAX - strlen(manager_options);
> 756 char tm_opt_buf[max_opts_len];
> 757 int cx = snprintf(tm_opt_buf, max_opts_len, " --%s %s --%s %s", TM_OPT_BIND_STDOUT, log_file, TM_OPT_BIND_STDERR, log_file);
> 758 if (cx >= 0 && cx < max_opts_len)
> CID 1338381: Security best practices violations (STRING_OVERFLOW)
> You might overrun the 1024 byte fixed-size string "manager_options" by copying "tm_opt_buf" without checking the length.
> 759 strcat(manager_options, tm_opt_buf);
> 760 else
> 761 cop_log(COP_WARNING, "bind_stdout and bind_stderr flags are too long, not binding anything\n");
> 762
> 763 cop_log_trace("spawn_manager: Launching %s with options '%s'\n", prog, manager_options);
> 764 int i;
> ** CID 1022062: Error handling issues (CHECKED_RETURN)
> /cmd/traffic_cop/traffic_cop.cc: 750 in spawn_manager()()
> ________________________________________________________________________________________________________
> *** CID 1022062: Error handling issues (CHECKED_RETURN)
> /cmd/traffic_cop/traffic_cop.cc: 750 in spawn_manager()()
> 744 // of the way (TSqa2232)
> 745 // coverity[fs_check_call]
> 746 if (access(log_file, W_OK) < 0 && errno == EACCES) {
> 747 char old_log_file[PATH_NAME_MAX];
> 748 snprintf(old_log_file, sizeof(old_log_file), "%s.old", log_file);
> 749 // coverity[toctou]
> CID 1022062: Error handling issues (CHECKED_RETURN)
> Calling "rename(log_file, old_log_file)" without checking return value. This library function may fail and return an error code.
> 750 rename(log_file, old_log_file);
> 751 cop_log(COP_WARNING, "rename %s to %s as it is not accessible.\n", log_file, old_log_file);
> 752 }
> 753
> 754 // Bind stdout and stderr of traffic_manager to traffic.out
> 755 int max_opts_len = OPTIONS_LEN_MAX - strlen(manager_options);
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)