Uploaded image for project: 'Mesos'
  1. Mesos
  2. MESOS-1355

Use of untrusted string value in jvm.cpp

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:

      Description

      ________________________________________________________________________________________________________

          • CID 1213892: Use of untrusted string value (TAINTED_STRING)
            /src/jvm/jvm.cpp: 66 in Jvm::create(const std::vector<std::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::basic_string<char, std::char_traits<char>, std::allocator<char>>>> &, JNI::Version, bool)()
            60 std::string libJvmPath = os::getenv("JAVA_JVM_LIBRARY", false);
            61
            62 if (libJvmPath.empty()) { 63 libJvmPath = mesos::internal::build::JAVA_JVM_LIBRARY; 64 }

            65
            >>> CID 1213892: Use of untrusted string value (TAINTED_STRING)
            >>> Passing tainted string "libJvmPath.c_str()" to "dlopen(char const *, int)", which cannot accept tainted data.
            66 void* handle = dlopen(libJvmPath.c_str(), RTLD_NOW);
            67
            68 if (handle == NULL)

            { 69 return Error(dlerror()); 70 }

            71

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              nnielsen Niklas Quarfot Nielsen
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: