[jira] [Updated] (MESOS-1355) Use of untrusted string value in jvm.cpp
[ https://issues.apache.org/jira/browse/MESOS-1355?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dominic Hamon updated MESOS-1355: - Labels: coverity security (was: coverity) > Use of untrusted string value in jvm.cpp > > > Key: MESOS-1355 > URL: https://issues.apache.org/jira/browse/MESOS-1355 > Project: Mesos > Issue Type: Bug >Reporter: Niklas Quarfot Nielsen > Labels: coverity, security > > > *** CID 1213892: Use of untrusted string value (TAINTED_STRING) > /src/jvm/jvm.cpp: 66 in Jvm::create(const std::vector std::char_traits, std::allocator>, > std::allocator, > std::allocator>>> &, JNI::Version, bool)() > 60 std::string libJvmPath = os::getenv("JAVA_JVM_LIBRARY", false); > 61 > 62 if (libJvmPath.empty()) { > 63 libJvmPath = mesos::internal::build::JAVA_JVM_LIBRARY; > 64 } > 65 > >>> CID 1213892: Use of untrusted string value (TAINTED_STRING) > >>> Passing tainted string "libJvmPath.c_str()" to "dlopen(char const *, > >>> int)", which cannot accept tainted data. > 66 void* handle = dlopen(libJvmPath.c_str(), RTLD_NOW); > 67 > 68 if (handle == NULL) { > 69 return Error(dlerror()); > 70 } > 71 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (MESOS-1355) Use of untrusted string value in jvm.cpp
[ https://issues.apache.org/jira/browse/MESOS-1355?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dominic Hamon updated MESOS-1355: - Issue Type: Bug (was: Technical task) Parent: (was: MESOS-1351) > Use of untrusted string value in jvm.cpp > > > Key: MESOS-1355 > URL: https://issues.apache.org/jira/browse/MESOS-1355 > Project: Mesos > Issue Type: Bug >Reporter: Niklas Quarfot Nielsen > Labels: coverity > > > *** CID 1213892: Use of untrusted string value (TAINTED_STRING) > /src/jvm/jvm.cpp: 66 in Jvm::create(const std::vector std::char_traits, std::allocator>, > std::allocator, > std::allocator>>> &, JNI::Version, bool)() > 60 std::string libJvmPath = os::getenv("JAVA_JVM_LIBRARY", false); > 61 > 62 if (libJvmPath.empty()) { > 63 libJvmPath = mesos::internal::build::JAVA_JVM_LIBRARY; > 64 } > 65 > >>> CID 1213892: Use of untrusted string value (TAINTED_STRING) > >>> Passing tainted string "libJvmPath.c_str()" to "dlopen(char const *, > >>> int)", which cannot accept tainted data. > 66 void* handle = dlopen(libJvmPath.c_str(), RTLD_NOW); > 67 > 68 if (handle == NULL) { > 69 return Error(dlerror()); > 70 } > 71 -- This message was sent by Atlassian JIRA (v6.2#6252)