You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2016/11/23 21:29:58 UTC
[jira] [Work logged] (TS-5063) CID 1365975, 1365974: Coverity
warnings introduced with TS-4399:
[ https://issues.apache.org/jira/browse/TS-5063?focusedWorklogId=32374&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-32374 ]
ASF GitHub Bot logged work on TS-5063:
--------------------------------------
Author: ASF GitHub Bot
Created on: 23/Nov/16 21:29
Start Date: 23/Nov/16 21:29
Worklog Time Spent: 10m
Work Description: GitHub user zwoop opened a pull request:
https://github.com/apache/trafficserver/pull/1234
TS-5063: Fixes coverity warnings and cleans up the temp string
The Vec<char> seems overkill here, and makes things less nice when
managing the intermediary strings. The new code has issues with being
potentially used without initialization.
CID 1365975, 1365974
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/zwoop/trafficserver TS-5063
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/trafficserver/pull/1234.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #1234
----
commit 81fa683077dea2a21bf69192af3aa547901a2de6
Author: Leif Hedstrom <zw...@apache.org>
Date: 2016-11-23T21:23:00Z
TS-5063: Fixes coverity warnings and cleans up the temp string
The Vec<char> seems overkill here, and makes things less nice when
managing the intermediary strings. The new code has issues with being
potentially used without initialization.
CID 1365975, 1365974
----
Issue Time Tracking
-------------------
Worklog Id: (was: 32374)
Time Spent: 10m
Remaining Estimate: 0h
> CID 1365975, 1365974: Coverity warnings introduced with TS-4399:
> ----------------------------------------------------------------
>
> Key: TS-5063
> URL: https://issues.apache.org/jira/browse/TS-5063
> Project: Traffic Server
> Issue Type: Bug
> Components: Manager
> Reporter: Leif Hedstrom
> Assignee: Leif Hedstrom
> Fix For: 7.1.0
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> {code}
> *** CID 1365975: Security best practices violations (TOCTOU)
> /mgmt/LocalManager.cc: 984 in LocalManager::startProxy(const char *)()
> 978 Debug("lm", "opt %d = '%s'", i, tok);
> 979 options[i++] = tok;
> 980 }
> 981
> 982 EnableDeathSignal(SIGTERM);
> 983
> CID 1365975: Security best practices violations (TOCTOU)
> Calling function "execv" that uses "this->absolute_proxy_binary" after a check function. This can cause a time-of-check, time-of-use race condition.
> 984 execv(absolute_proxy_binary, options);
> 985 mgmt_fatal(errno, "[LocalManager::startProxy] Exec of %s failed\n", absolute_proxy_binary);
> 986 }
> 987 return true;
> 988 }
> 989
> ** CID 1365974: Null pointer dereferences (FORWARD_NULL)
> /mgmt/LocalManager.cc: 937 in LocalManager::startProxy(const char *)()
> ________________________________________________________________________________________________________
> *** CID 1365974: Null pointer dereferences (FORWARD_NULL)
> /mgmt/LocalManager.cc: 937 in LocalManager::startProxy(const char *)()
> 931 if (onetime_options && *onetime_options) {
> 932 real_proxy_options.append(" ", strlen(" "));
> 933 real_proxy_options.append(onetime_options, strlen(onetime_options));
> 934 }
> 935
> 936 // Make sure we're starting the proxy in mgmt mode
> CID 1365974: Null pointer dereferences (FORWARD_NULL)
> Passing null pointer "onetime_options" to "strstr", which dereferences it. [Note: The source code implementation of the function has been overridden by a builtin model.]
> 937 if (strstr(proxy_options, MGMT_OPT) == 0 && strstr(onetime_options, MGMT_OPT) == 0) {
> 938 real_proxy_options.append(" ", strlen(" "));
> 939 real_proxy_options.append(MGMT_OPT, sizeof(MGMT_OPT) - 1);
> 940 }
> 941
> 942 // Check if we need to pass down port/fd information to
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)