Posted to issues@mesos.apache.org by "Dominic Hamon (JIRA)" <ji...@apache.org> on 2014/11/10 20:39:34 UTC
[jira] [Updated] (MESOS-1355) Use of untrusted string value in jvm.cpp
[ https://issues.apache.org/jira/browse/MESOS-1355?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dominic Hamon updated MESOS-1355:
---------------------------------
Labels: coverity security (was: coverity)
> Use of untrusted string value in jvm.cpp
> ----------------------------------------
>
> Key: MESOS-1355
> URL: https://issues.apache.org/jira/browse/MESOS-1355
> Project: Mesos
> Issue Type: Bug
> Reporter: Niklas Quarfot Nielsen
> Labels: coverity, security
>
> ________________________________________________________________________________________________________
> *** CID 1213892: Use of untrusted string value (TAINTED_STRING)
> /src/jvm/jvm.cpp: 66 in Jvm::create(const std::vector<std::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::basic_string<char, std::char_traits<char>, std::allocator<char>>>> &, JNI::Version, bool)()
> 60 std::string libJvmPath = os::getenv("JAVA_JVM_LIBRARY", false);
> 61
> 62 if (libJvmPath.empty()) {
> 63 libJvmPath = mesos::internal::build::JAVA_JVM_LIBRARY;
> 64 }
> 65
> >>> CID 1213892: Use of untrusted string value (TAINTED_STRING)
> >>> Passing tainted string "libJvmPath.c_str()" to "dlopen(char const *, int)", which cannot accept tainted data.
> 66 void* handle = dlopen(libJvmPath.c_str(), RTLD_NOW);
> 67
> 68 if (handle == NULL) {
> 69 return Error(dlerror());
> 70 }
> 71