[
https://issues.apache.org/jira/browse/TS-5063?focusedWorklogId=32377&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-32377
]
ASF GitHub Bot logged work on TS-5063:
--------------------------------------
Author: ASF GitHub Bot
Created on: 23/Nov/16 21:36
Start Date: 23/Nov/16 21:36
Worklog Time Spent: 10m
Work Description: Github user jpeach commented on a diff in the pull
request:
https://github.com/apache/trafficserver/pull/1234#discussion_r89402683
--- Diff: mgmt/LocalManager.cc ---
@@ -950,29 +949,27 @@ LocalManager::startProxy(const char *onetime_options)
if (open_ports_p) {
char portbuf[128];
bool need_comma_p = false;
- real_proxy_options.append(" --httpport ", strlen(" --httpport "));
+
+ ink_strlcat(real_proxy_options, " --httpport ", strlen(" --httpport
"));
for (int i = 0, limit = m_proxy_ports.length(); i < limit; ++i) {
HttpProxyPort &p = m_proxy_ports[i];
if (ts::NO_FD != p.m_fd) {
if (need_comma_p) {
- real_proxy_options.append(',');
+ ink_strlcat(real_proxy_options, ",", 1);
}
need_comma_p = true;
p.print(portbuf, sizeof(portbuf));
- real_proxy_options.append((const char *)portbuf,
strlen(portbuf));
+ ink_strlcat(real_proxy_options, (const char *)portbuf,
strlen(portbuf));
--- End diff --
The size argument to
[strlcat](https://www.freebsd.org/cgi/man.cgi?query=strlcat&sektion=3&apropos=0&manpath=FreeBSD+6.2-RELEASE)
is the size of the destination buffer. All these usages are passing the wrong
size.
Issue Time Tracking
-------------------
Worklog Id: (was: 32377)
Time Spent: 20m (was: 10m)
> CID 1365975, 1365974: Coverity warnings introduced with TS-4399:
> ----------------------------------------------------------------
>
> Key: TS-5063
> URL: https://issues.apache.org/jira/browse/TS-5063
> Project: Traffic Server
> Issue Type: Bug
> Components: Manager
> Reporter: Leif Hedstrom
> Assignee: Leif Hedstrom
> Fix For: 7.1.0
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> {code}
> *** CID 1365975: Security best practices violations (TOCTOU)
> /mgmt/LocalManager.cc: 984 in LocalManager::startProxy(const char *)()
> 978 Debug("lm", "opt %d = '%s'", i, tok);
> 979 options[i++] = tok;
> 980 }
> 981
> 982 EnableDeathSignal(SIGTERM);
> 983
> CID 1365975: Security best practices violations (TOCTOU)
> Calling function "execv" that uses "this->absolute_proxy_binary" after a
> check function. This can cause a time-of-check, time-of-use race condition.
> 984 execv(absolute_proxy_binary, options);
> 985 mgmt_fatal(errno, "[LocalManager::startProxy] Exec of %s
> failed\n", absolute_proxy_binary);
> 986 }
> 987 return true;
> 988 }
> 989
> ** CID 1365974: Null pointer dereferences (FORWARD_NULL)
> /mgmt/LocalManager.cc: 937 in LocalManager::startProxy(const char *)()
> ________________________________________________________________________________________________________
> *** CID 1365974: Null pointer dereferences (FORWARD_NULL)
> /mgmt/LocalManager.cc: 937 in LocalManager::startProxy(const char *)()
> 931 if (onetime_options && *onetime_options) {
> 932 real_proxy_options.append(" ", strlen(" "));
> 933 real_proxy_options.append(onetime_options,
> strlen(onetime_options));
> 934 }
> 935
> 936 // Make sure we're starting the proxy in mgmt mode
> CID 1365974: Null pointer dereferences (FORWARD_NULL)
> Passing null pointer "onetime_options" to "strstr", which dereferences it.
> [Note: The source code implementation of the function has been overridden by
> a builtin model.]
> 937 if (strstr(proxy_options, MGMT_OPT) == 0 &&
> strstr(onetime_options, MGMT_OPT) == 0) {
> 938 real_proxy_options.append(" ", strlen(" "));
> 939 real_proxy_options.append(MGMT_OPT, sizeof(MGMT_OPT) - 1);
> 940 }
> 941
> 942 // Check if we need to pass down port/fd information to
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
