Posted to issues@trafficserver.apache.org by "Leif Hedstrom (JIRA)" <ji...@apache.org> on 2016/03/26 16:19:25 UTC
[jira] [Created] (TS-4305) Coverity issues in geoip_acl plugin
Leif Hedstrom created TS-4305:
---------------------------------
Summary: Coverity issues in geoip_acl plugin
Key: TS-4305
URL: https://issues.apache.org/jira/browse/TS-4305
Project: Traffic Server
Issue Type: Bug
Components: Plugins
Reporter: Leif Hedstrom
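Some of these look old, but we should fix them all. In the last one (CID 1353615), line[pos1] is evaluated before pos1 is compared with std::string::npos, so the npos check has to come first: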
{code}
** CID 1353618: Uninitialized members (UNINIT_CTOR)
/plugins/experimental/geoip_acl/acl.h: 96 in RegexAcl::RegexAcl(Acl *)()
________________________________________________________________________________________________________
*** CID 1353618: Uninitialized members (UNINIT_CTOR)
/plugins/experimental/geoip_acl/acl.h: 96 in RegexAcl::RegexAcl(Acl *)()
90
91
92 // Base class for all Regex ACLs (which contain Acl() subclassed instances)
93 class RegexAcl
94 {
95 public:
CID 1353618: Uninitialized members (UNINIT_CTOR)
Non-static class member "_extra" is not initialized in this constructor nor in any functions that it calls.
96 RegexAcl(Acl *acl) : _next(NULL), _acl(acl) {}
97
98 const std::string &
99 get_regex() const
100 {
101 return _regex_s;
** CID 1353617: Uninitialized members (UNINIT_CTOR)
/plugins/experimental/geoip_acl/acl.h: 50 in Acl::Acl()()
________________________________________________________________________________________________________
*** CID 1353617: Uninitialized members (UNINIT_CTOR)
/plugins/experimental/geoip_acl/acl.h: 50 in Acl::Acl()()
44
45
46 // Base class for all ACLs
47 class Acl
48 {
49 public:
CID 1353617: Uninitialized members (UNINIT_CTOR)
Non-static class member "_added_tokens" is not initialized in this constructor nor in any functions that it calls.
50 Acl() : _allow(true) {}
51
52 virtual ~Acl() {}
53
54 // These have to be implemented for each ACL type
55 virtual void read_regex(const char *fn) = 0;
** CID 1353616: Resource leaks (RESOURCE_LEAK)
/plugins/experimental/geoip_acl/acl.cc: 254 in CountryAcl::read_regex(const char *)()
________________________________________________________________________________________________________
*** CID 1353616: Resource leaks (RESOURCE_LEAK)
/plugins/experimental/geoip_acl/acl.cc: 254 in CountryAcl::read_regex(const char *)()
248 }
249 acl = NULL;
250 }
251 }
252 f.close();
253 TSDebug(PLUGIN_NAME, "Loaded regex rules from %s", fn);
CID 1353616: Resource leaks (RESOURCE_LEAK)
Variable "acl" going out of scope leaks the storage it points to.
254 } else {
255 TSError("[%s] Unable to open regex file %s", PLUGIN_NAME, fn);
256 }
257 }
258
259 bool
** CID 1353615: Error handling issues (NEGATIVE_RETURNS)
/plugins/experimental/geoip_acl/acl.cc: 136 in RegexAcl::parse_line(const char *, const std::basic_string<char, std::char_traits<char>, std::allocator<char>>&, int)()
________________________________________________________________________________________________________
*** CID 1353615: Error handling issues (NEGATIVE_RETURNS)
/plugins/experimental/geoip_acl/acl.cc: 136 in RegexAcl::parse_line(const char *, const std::basic_string<char, std::char_traits<char>, std::allocator<char>>&, int)()
130 std::string::size_type pos1, pos2;
131
132 if (line.empty()) {
133 return false;
134 }
135 pos1 = line.find_first_not_of(_SEPARATOR);
CID 1353615: Error handling issues (NEGATIVE_RETURNS)
"pos1" is passed to a parameter that cannot be negative. [Note: The source code implementation of the function has been overridden by a builtin model.]
136 if (line[pos1] == '#' || pos1 == std::string::npos) {
137 return false;
138 }
139
140 pos2 = line.find_first_of(_SEPARATOR, pos1);
141 if (pos2 != std::string::npos) {
{code}