You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "Leif Hedstrom (JIRA)" <ji...@apache.org> on 2015/11/09 18:21:11 UTC

[jira] [Updated] (TS-4003) CID 1338381 & 1022062: in traffic_cop

     [ https://issues.apache.org/jira/browse/TS-4003?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Leif Hedstrom updated TS-4003:
------------------------------
    Fix Version/s: 6.1.0

> CID 1338381 & 1022062: in traffic_cop
> -------------------------------------
>
>                 Key: TS-4003
>                 URL: https://issues.apache.org/jira/browse/TS-4003
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: Cop
>            Reporter: Leif Hedstrom
>             Fix For: 6.1.0
>
>
> {code}
> *** CID 1338381:  Security best practices violations  (STRING_OVERFLOW)
> /cmd/traffic_cop/traffic_cop.cc: 759 in spawn_manager()()
> 753     
> 754       // Bind stdout and stderr of traffic_manager to traffic.out
> 755       int max_opts_len = OPTIONS_LEN_MAX - strlen(manager_options);
> 756       char tm_opt_buf[max_opts_len];
> 757       int cx = snprintf(tm_opt_buf, max_opts_len, " --%s %s --%s %s", TM_OPT_BIND_STDOUT, log_file, TM_OPT_BIND_STDERR, log_file);
> 758       if (cx >= 0 && cx < max_opts_len)
>    CID 1338381:  Security best practices violations  (STRING_OVERFLOW)
>    You might overrun the 1024 byte fixed-size string "manager_options" by copying "tm_opt_buf" without checking the length.
> 759         strcat(manager_options, tm_opt_buf);
> 760       else
> 761         cop_log(COP_WARNING, "bind_stdout and bind_stderr flags are too long, not binding anything\n");
> 762     
> 763       cop_log_trace("spawn_manager: Launching %s with options '%s'\n", prog, manager_options);
> 764       int i;
> ** CID 1022062:  Error handling issues  (CHECKED_RETURN)
> /cmd/traffic_cop/traffic_cop.cc: 750 in spawn_manager()()
> ________________________________________________________________________________________________________
> *** CID 1022062:  Error handling issues  (CHECKED_RETURN)
> /cmd/traffic_cop/traffic_cop.cc: 750 in spawn_manager()()
> 744       //  of the way (TSqa2232)
> 745       // coverity[fs_check_call]
> 746       if (access(log_file, W_OK) < 0 && errno == EACCES) {
> 747         char old_log_file[PATH_NAME_MAX];
> 748         snprintf(old_log_file, sizeof(old_log_file), "%s.old", log_file);
> 749         // coverity[toctou]
>    CID 1022062:  Error handling issues  (CHECKED_RETURN)
>    Calling "rename(log_file, old_log_file)" without checking return value. This library function may fail and return an error code.
> 750         rename(log_file, old_log_file);
> 751         cop_log(COP_WARNING, "rename %s to %s as it is not accessible.\n", log_file, old_log_file);
> 752       }
> 753     
> 754       // Bind stdout and stderr of traffic_manager to traffic.out
> 755       int max_opts_len = OPTIONS_LEN_MAX - strlen(manager_options);
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)