maskit opened a new issue, #10199:
URL: https://github.com/apache/trafficserver/issues/10199

   ```
   101int
   102get_redis_auth_key(char *retKeyBuff, int buffSize)
   103{
   104  int retval = 0;
   105  // Get the Key
        1. Condition ssl_param.redis_auth_key_file.length(), taking true branch.
   106  if (ssl_param.redis_auth_key_file.length()) {
   107    int fd = open(ssl_param.redis_auth_key_file.c_str(), O_RDONLY);
   108    struct stat info;
                CID 1508975: Argument cannot be negative (NEGATIVE_RETURNS) [[select issue](https://scan6.scan.coverity.com/defectInstanceId=34625550&fileInstanceId=157339969&mergedDefectId=1508975)]
        2. Condition 0 == fstat(fd, &info), taking true branch.
   109    if (0 == fstat(fd, &info)) {
   110      size_t n = info.st_size;
   111      std::string key_data;
   112      key_data.resize(n);
        3. return_constant: Function call read(fd, const_cast<char *>(key_data.data()), n) may return -1.
        4. assignment: Assigning: read_len = read(fd, const_cast<char *>(key_data.data()), n). The value of read_len is now -1.
   113      auto read_len = read(fd, const_cast<char *>(key_data.data()), n);
   114      // Strip any trailing newlines
        5. Condition read_len > 1, taking false branch.
   115      while (read_len > 1 && key_data[read_len - 1] == '\n') {
   116        --read_len;
   117      }
   118      memset(retKeyBuff, 0, buffSize);
                CID 1508982: Argument cannot be negative (NEGATIVE_RETURNS) [[select issue](https://scan6.scan.coverity.com/defectInstanceId=34625480&fileInstanceId=157339969&mergedDefectId=1508982)]
        
   CID 1508997 (#1 of 1): Out-of-bounds access (OVERRUN)
   6. overrun-buffer-arg: Calling strncpy with retKeyBuff and read_len is suspicious because of the very large index, 18446744073709551615. The index may be due to a negative parameter being interpreted as unsigned.
   119      strncpy(retKeyBuff, key_data.c_str(), read_len);
   120      retval = key_data.length();
   121    }
                CID 1508977 (2): Resource leak (RESOURCE_LEAK) [[select issue](https://scan6.scan.coverity.com/defectInstanceId=34625646&fileInstanceId=157339969&mergedDefectId=1508977)]
   122  } else {
   123    TSError("Can not get redis auth key.");
   124  }
   125
   126  return retval;
   127}
   ```

