Posted to issues@trafficserver.apache.org by "Leif Hedstrom (JIRA)" <ji...@apache.org> on 2015/11/09 18:21:11 UTC

[jira] [Created] (TS-4003) CID 1338381 & 1022062: in traffic_cop

Leif Hedstrom created TS-4003:
---------------------------------

             Summary: CID 1338381 & 1022062: in traffic_cop
                 Key: TS-4003
                 URL: https://issues.apache.org/jira/browse/TS-4003
             Project: Traffic Server
          Issue Type: Bug
          Components: Cop
            Reporter: Leif Hedstrom


{code}
*** CID 1338381:  Security best practices violations  (STRING_OVERFLOW)
/cmd/traffic_cop/traffic_cop.cc: 759 in spawn_manager()()
753     
754       // Bind stdout and stderr of traffic_manager to traffic.out
755       int max_opts_len = OPTIONS_LEN_MAX - strlen(manager_options);
756       char tm_opt_buf[max_opts_len];
757       int cx = snprintf(tm_opt_buf, max_opts_len, " --%s %s --%s %s", TM_OPT_BIND_STDOUT, log_file, TM_OPT_BIND_STDERR, log_file);
758       if (cx >= 0 && cx < max_opts_len)
   CID 1338381:  Security best practices violations  (STRING_OVERFLOW)
   You might overrun the 1024 byte fixed-size string "manager_options" by copying "tm_opt_buf" without checking the length.
759         strcat(manager_options, tm_opt_buf);
760       else
761         cop_log(COP_WARNING, "bind_stdout and bind_stderr flags are too long, not binding anything\n");
762     
763       cop_log_trace("spawn_manager: Launching %s with options '%s'\n", prog, manager_options);
764       int i;

** CID 1022062:  Error handling issues  (CHECKED_RETURN)
/cmd/traffic_cop/traffic_cop.cc: 750 in spawn_manager()()


________________________________________________________________________________________________________
*** CID 1022062:  Error handling issues  (CHECKED_RETURN)
/cmd/traffic_cop/traffic_cop.cc: 750 in spawn_manager()()
744       //  of the way (TSqa2232)
745       // coverity[fs_check_call]
746       if (access(log_file, W_OK) < 0 && errno == EACCES) {
747         char old_log_file[PATH_NAME_MAX];
748         snprintf(old_log_file, sizeof(old_log_file), "%s.old", log_file);
749         // coverity[toctou]
   CID 1022062:  Error handling issues  (CHECKED_RETURN)
   Calling "rename(log_file, old_log_file)" without checking return value. This library function may fail and return an error code.
750         rename(log_file, old_log_file);
751         cop_log(COP_WARNING, "rename %s to %s as it is not accessible.\n", log_file, old_log_file);
752       }
753     
754       // Bind stdout and stderr of traffic_manager to traffic.out
755       int max_opts_len = OPTIONS_LEN_MAX - strlen(manager_options);

{code}



