GitHub user zwoop opened an issue: https://github.com/apache/trafficserver/issues/1302

CID 1368306 & 1368305: NULLPTR and security BP in logical.cc

```c
** CID 1368306: Security best practices violations (TOCTOU)
/proxy/logcat.cc: 299 in main()

________________________________________________________________________________________________________
*** CID 1368306: Security best practices violations (TOCTOU)
/proxy/logcat.cc: 299 in main()
293
294     if (n_file_arguments) {
295       int bin_ext_len = strlen(LOG_FILE_BINARY_OBJECT_FILENAME_EXTENSION);
296       int ascii_ext_len = strlen(LOG_FILE_ASCII_OBJECT_FILENAME_EXTENSION);
297
298       for (unsigned i = 0; i < n_file_arguments; ++i) {
    CID 1368306: Security best practices violations (TOCTOU)
    Calling function "open" that uses "file_arguments[i]" after a check function. This can cause a time-of-check, time-of-use race condition.
299         int in_fd = open(file_arguments[i], O_RDONLY);
300         if (in_fd < 0) {
301           fprintf(stderr, "Error opening input file %s: ", file_arguments[i]);
302           perror(0);
303           error = DATA_PROCESSING_ERROR;
304         } else {

** CID 1368305: Null pointer dereferences (REVERSE_INULL)
/plugins/experimental/money_trace/money_trace.cc: 129 in mt_check_request_header(tsapi_httptxn *)()

________________________________________________________________________________________________________
*** CID 1368305: Null pointer dereferences (REVERSE_INULL)
/plugins/experimental/money_trace/money_trace.cc: 129 in mt_check_request_header(tsapi_httptxn *)()
123         txn_data = allocTransactionData();
124         txn_data->client_request_mt_header = TSstrndup(hdr_value, length);
125         txn_data->client_request_mt_header[length] = '\0'; // workaround for bug in core.
126         LOG_DEBUG("found money trace header: %s, length: %d", txn_data->client_request_mt_header, length);
127         if (nullptr == (contp = TSContCreate(transaction_handler, nullptr))) {
128           LOG_ERROR("failed to create the transaction handler continuation");
    CID 1368305: Null pointer dereferences (REVERSE_INULL)
    Null-checking "txn_data" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
129           if (nullptr != txn_data) {
130             TSfree(txn_data->client_request_mt_header);
131             TSfree(txn_data);
132           }
133         } else {
134           TSContDataSet(contp, txn_data);
```