maskit opened a new issue, #10197:
URL: https://github.com/apache/trafficserver/issues/10197
```
1330 void static scan_span(Span *span, swoc::file::path const &regex_path)
1331 {
1. Iterating over another element of span->_stripes.
5. Iterating over another element of span->_stripes.
1332 for (auto strp : span->_stripes) {
6. tainted_argument: Calling function loadMeta taints argument
strp->_meta. [[show
details](https://scan6.scan.coverity.com/eventId=34730149-7&modelId=34730149-0&fileInstanceId=162996389&filePath=%2Fsrc%2Ftraffic_cache_tool%2FCacheDefs.cc&fileStart=879&fileEnd=1002)]
1333 strp->loadMeta();
1334 strp->loadDir();
1335
2. Condition !regex_path->empty(), taking true branch.
7. Condition !regex_path->empty(), taking true branch.
1336 if (!regex_path.empty()) {
8. identity_transfer: Passing strp as argument 1 to constructor for
class CacheScan, which sets cs.stripe to that argument. [[show
details](https://scan6.scan.coverity.com/eventId=34730149-41&modelId=34730149-1&fileInstanceId=162996392&filePath=%2Fsrc%2Ftraffic_cache_tool%2FCacheScan.h&fileStart=46&fileEnd=51)]
1337 CacheScan cs(strp, regex_path);
CID 1518117 (#2 of 2): Untrusted loop bound (TAINTED_SCALAR)
9. tainted_data: Passing tainted expression cs.stripe to Scan, which uses it
as a loop boundary. [[show
details](https://scan6.scan.coverity.com/eventId=34730149-44&modelId=34730149-2&fileInstanceId=162996391&filePath=%2Fsrc%2Ftraffic_cache_tool%2FCacheScan.cc&fileStart=37&fileEnd=77)]
Ensure that tainted values are properly sanitized, by checking that
their values are within a permissible range.
1338 cs.Scan(true);
3. Falling through to end of if statement.
1339 } else {
1340 CacheScan cs(strp);
CID 1518117 (#1 of 2): Untrusted loop bound (TAINTED_SCALAR)
[[select
issue](https://scan6.scan.coverity.com/defectInstanceId=34730117&fileInstanceId=162214410&mergedDefectId=1518117)]
1341 cs.Scan(false);
1342 }
4. Jumping back to the beginning of the loop.
1343 }
1344 }
```