[jira] [Created] (MESOS-1355) Use of untrusted string value in jvm.cpp

Niklas Quarfot Nielsen (JIRA) Tue, 13 May 2014 17:38:25 -0700

Niklas Quarfot Nielsen created MESOS-1355:
---------------------------------------------


             Summary: Use of untrusted string value in jvm.cpp
                 Key: MESOS-1355
                 URL: https://issues.apache.org/jira/browse/MESOS-1355
             Project: Mesos
          Issue Type: Technical task
            Reporter: Niklas Quarfot Nielsen


________________________________________________________________________________________________________
*** CID 1213892:  Use of untrusted string value  (TAINTED_STRING)
/src/jvm/jvm.cpp: 66 in Jvm::create(const std::vector<std::basic_string<char, 
std::char_traits<char>, std::allocator<char>>, 
std::allocator<std::basic_string<char, std::char_traits<char>, 
std::allocator<char>>>> &, JNI::Version, bool)()
60       std::string libJvmPath = os::getenv("JAVA_JVM_LIBRARY", false);
61
62       if (libJvmPath.empty()) {
63         libJvmPath = mesos::internal::build::JAVA_JVM_LIBRARY;
64       }
65
>>>     CID 1213892:  Use of untrusted string value  (TAINTED_STRING)
>>>     Passing tainted string "libJvmPath.c_str()" to "dlopen(char const *, 
>>> int)", which cannot accept tainted data.
66       void* handle = dlopen(libJvmPath.c_str(), RTLD_NOW);
67
68       if (handle == NULL) {
69         return Error(dlerror());
70       }
71



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Created] (MESOS-1355) Use of untrusted string value in jvm.cpp

Reply via email to