[ https://issues.apache.org/jira/browse/MESOS-1355?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Niklas Quarfot Nielsen closed MESOS-1355.
-----------------------------------------
Resolution: Won't Fix
> Use of untrusted string value in jvm.cpp
> ----------------------------------------
>
> Key: MESOS-1355
> URL: https://issues.apache.org/jira/browse/MESOS-1355
> Project: Mesos
> Issue Type: Bug
> Reporter: Niklas Quarfot Nielsen
> Labels: coverity, security
>
> ________________________________________________________________________________________________________
> *** CID 1213892: Use of untrusted string value (TAINTED_STRING)
> /src/jvm/jvm.cpp: 66 in Jvm::create(const std::vector<std::basic_string<char,
> std::char_traits<char>, std::allocator<char>>,
> std::allocator<std::basic_string<char, std::char_traits<char>,
> std::allocator<char>>>> &, JNI::Version, bool)()
> 60 std::string libJvmPath = os::getenv("JAVA_JVM_LIBRARY", false);
> 61
> 62 if (libJvmPath.empty()) {
> 63 libJvmPath = mesos::internal::build::JAVA_JVM_LIBRARY;
> 64 }
> 65
> >>> CID 1213892: Use of untrusted string value (TAINTED_STRING)
> >>> Passing tainted string "libJvmPath.c_str()" to "dlopen(char const *,
> >>> int)", which cannot accept tainted data.
> 66 void* handle = dlopen(libJvmPath.c_str(), RTLD_NOW);
> 67
> 68 if (handle == NULL) {
> 69 return Error(dlerror());
> 70 }
> 71