[
https://issues.apache.org/jira/browse/TS-5063?focusedWorklogId=32379&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-32379
]
ASF GitHub Bot logged work on TS-5063:
--------------------------------------
Author: ASF GitHub Bot
Created on: 23/Nov/16 21:43
Start Date: 23/Nov/16 21:43
Worklog Time Spent: 10m
Work Description: Github user atsci commented on the issue:
https://github.com/apache/trafficserver/pull/1234
Linux build *successful*! See
https://ci.trafficserver.apache.org/job/Github-Linux/1105/ for details.
Issue Time Tracking
-------------------
Worklog Id: (was: 32379)
Time Spent: 40m (was: 0.5h)
> CID 1365975, 1365974: Coverity warnings introduced with TS-4399:
> ----------------------------------------------------------------
>
> Key: TS-5063
> URL: https://issues.apache.org/jira/browse/TS-5063
> Project: Traffic Server
> Issue Type: Bug
> Components: Manager
> Reporter: Leif Hedstrom
> Assignee: Leif Hedstrom
> Fix For: 7.1.0
>
> Time Spent: 40m
> Remaining Estimate: 0h
>
> {code}
> *** CID 1365975: Security best practices violations (TOCTOU)
> /mgmt/LocalManager.cc: 984 in LocalManager::startProxy(const char *)()
> 978 Debug("lm", "opt %d = '%s'", i, tok);
> 979 options[i++] = tok;
> 980 }
> 981
> 982 EnableDeathSignal(SIGTERM);
> 983
> CID 1365975: Security best practices violations (TOCTOU)
> Calling function "execv" that uses "this->absolute_proxy_binary" after a
> check function. This can cause a time-of-check, time-of-use race condition.
> 984 execv(absolute_proxy_binary, options);
> 985 mgmt_fatal(errno, "[LocalManager::startProxy] Exec of %s failed\n", absolute_proxy_binary);
> 986 }
> 987 return true;
> 988 }
> 989
> ** CID 1365974: Null pointer dereferences (FORWARD_NULL)
> /mgmt/LocalManager.cc: 937 in LocalManager::startProxy(const char *)()
> ________________________________________________________________________________________________________
> *** CID 1365974: Null pointer dereferences (FORWARD_NULL)
> /mgmt/LocalManager.cc: 937 in LocalManager::startProxy(const char *)()
> 931 if (onetime_options && *onetime_options) {
> 932 real_proxy_options.append(" ", strlen(" "));
> 933 real_proxy_options.append(onetime_options, strlen(onetime_options));
> 934 }
> 935
> 936 // Make sure we're starting the proxy in mgmt mode
> CID 1365974: Null pointer dereferences (FORWARD_NULL)
> Passing null pointer "onetime_options" to "strstr", which dereferences it.
> [Note: The source code implementation of the function has been overridden by
> a builtin model.]
> 937 if (strstr(proxy_options, MGMT_OPT) == 0 && strstr(onetime_options, MGMT_OPT) == 0) {
> 938 real_proxy_options.append(" ", strlen(" "));
> 939 real_proxy_options.append(MGMT_OPT, sizeof(MGMT_OPT) - 1);
> 940 }
> 941
> 942 // Check if we need to pass down port/fd information to
> {code}