Posted to issues@mesos.apache.org by "Dominic Hamon (JIRA)" <ji...@apache.org> on 2014/11/10 20:39:34 UTC

[jira] [Updated] (MESOS-1355) Use of untrusted string value in jvm.cpp

     [ https://issues.apache.org/jira/browse/MESOS-1355?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dominic Hamon updated MESOS-1355:
---------------------------------
    Labels: coverity security  (was: coverity)

> Use of untrusted string value in jvm.cpp
> ----------------------------------------
>
>                 Key: MESOS-1355
>                 URL: https://issues.apache.org/jira/browse/MESOS-1355
>             Project: Mesos
>          Issue Type: Bug
>            Reporter: Niklas Quarfot Nielsen
>              Labels: coverity, security
>
> ________________________________________________________________________________________________________
> *** CID 1213892:  Use of untrusted string value  (TAINTED_STRING)
> /src/jvm/jvm.cpp: 66 in Jvm::create(const std::vector<std::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::basic_string<char, std::char_traits<char>, std::allocator<char>>>> &, JNI::Version, bool)()
> 60       std::string libJvmPath = os::getenv("JAVA_JVM_LIBRARY", false);
> 61
> 62       if (libJvmPath.empty()) {
> 63         libJvmPath = mesos::internal::build::JAVA_JVM_LIBRARY;
> 64       }
> 65
> >>>     CID 1213892:  Use of untrusted string value  (TAINTED_STRING)
> >>>     Passing tainted string "libJvmPath.c_str()" to "dlopen(char const *, int)", which cannot accept tainted data.
> 66       void* handle = dlopen(libJvmPath.c_str(), RTLD_NOW);
> 67
> 68       if (handle == NULL) {
> 69         return Error(dlerror());
> 70       }
> 71



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)