https://bugzilla.redhat.com/show_bug.cgi?id=1021422

            Bug ID: 1021422
           Summary: Insufficient validation of PID file contents
           Product: Fedora EPEL
           Version: el6
         Component: perl-File-Pid
          Severity: low
          Assignee: iarn...@gmail.com
          Reporter: d.e.smorg...@usit.uio.no
        QA Contact: extras...@fedoraproject.org
                CC: iarn...@gmail.com, perl-devel@lists.fedoraproject.org
   External Bug ID: CPAN 89647



Created attachment 814502
  --> https://bugzilla.redhat.com/attachment.cgi?id=814502&action=edit
Patch for Pid.pm and spec file

Description of problem:

File::Pid::running() passes undef as the PID argument to kill().

Version-Release number of selected component (if applicable):

1.01-2.el6.src.rpm

How reproducible:

100%

Steps to Reproduce:

First test case:

  touch /tmp/frobozz.pid
  perl -w -MFile::Pid -e"File::Pid->new({ file => '/tmp/frobozz.pid' })->running();"

Second test case:

  echo >/tmp/frobozz.pid
  perl -w -MFile::Pid -e"File::Pid->new({ file => '/tmp/frobozz.pid' })->running();"

Third test case:

  echo >/tmp/frobozz.pid
  perl -Tw -MFile::Pid -e"File::Pid->new({ file => '/tmp/frobozz.pid' })->running();"

Actual results:

First test case:

  Use of uninitialized value $pid in chomp at /usr/share/perl5/File/Pid.pm line 175.
  Use of uninitialized value $pid in chomp at /usr/share/perl5/File/Pid.pm line 175.
  Use of uninitialized value $pid in kill at /usr/share/perl5/File/Pid.pm line 124.
  not running

Second test case:

  Argument "" isn't numeric in kill at /usr/share/perl5/File/Pid.pm line 124.
  not running

Third test case:

  Insecure dependency in kill while running with -T switch at /usr/share/perl5/File/Pid.pm line 124.

Expected results:

In all three cases, merely

  not running

Additional info:

Patch attached.  Regression tests are left as an exercise for the reader.

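One way to validate PID file contents before the value reaches kill(), shown as an added example that is neither the attached patch nor File::Pid's own code. The names read_pid_file and pid_running are hypothetical, and the sample file contents are constructed. It behaves the same with or without perl -T.

```perl
use strict;
use warnings;
use File::Temp qw(tempfile);

# Hypothetical helper (not File::Pid's API): return a validated PID or undef.
sub read_pid_file {
    my ($path) = @_;
    open(my $fh, '<', $path) or return;
    my $line = <$fh>;
    close($fh);
    return unless defined $line;    # empty file: readline returned undef
    # Accept only a positive decimal integer. Capturing it through a regex
    # also untaints the value, so kill() is allowed under -T.
    return unless $line =~ /\A\s*([1-9][0-9]{0,9})\s*\z/;
    return $1;
}

# Hypothetical helper: true if the PID file names a live process.
sub pid_running {
    my ($path) = @_;
    my $pid = read_pid_file($path);
    return 0 unless defined $pid;   # nothing valid to pass to kill()
    return 1 if kill(0, $pid);      # signal 0 only tests for existence
    # EPERM: the process exists but belongs to another user.
    return $!{EPERM} ? 1 : 0;
}

# Constructed sample contents: the cases from the report plus a few more.
my @samples = (
    [ 'empty file',   ''        ],  # touch /tmp/frobozz.pid
    [ 'newline only', "\n"      ],  # echo >/tmp/frobozz.pid
    [ 'non-numeric',  "12abc\n" ],
    [ 'negative',     "-1\n"    ],  # kill() treats negative values as process groups
    [ 'own pid',      "$$\n"    ],
);

for my $s (@samples) {
    my ($label, $content) = @$s;
    my ($fh, $path) = tempfile(UNLINK => 1);
    print {$fh} $content;
    close($fh);
    printf "%-14s %s\n", $label, pid_running($path) ? 'running' : 'not running';
}
```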