[MESOS-1355] Use of untrusted string value in jvm.cpp - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Won't Fix
Affects Version/s: None
Fix Version/s: None
Component/s: None
Labels:
- coverity
- security

Description

________________________________________________________________________________________________________

- - CID 1213892: Use of untrusted string value (TAINTED_STRING)
    /src/jvm/jvm.cpp: 66 in Jvm::create(const std::vector<std::basic_string<char, std::char_traits<char>, std::allocator<char>>, std::allocator<std::basic_string<char, std::char_traits<char>, std::allocator<char>>>> &, JNI::Version, bool)()
    60 std::string libJvmPath = os::getenv("JAVA_JVM_LIBRARY", false);
    61
    62 if (libJvmPath.empty()) { 63 libJvmPath = mesos::internal::build::JAVA_JVM_LIBRARY; 64 }
    65
    >>> CID 1213892: Use of untrusted string value (TAINTED_STRING)
    >>> Passing tainted string "libJvmPath.c_str()" to "dlopen(char const *, int)", which cannot accept tainted data.
    66 void* handle = dlopen(libJvmPath.c_str(), RTLD_NOW);
    67
    68 if (handle == NULL)
    { 69 return Error(dlerror()); 70 }
    71

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Niklas Quarfot Nielsen

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 13/May/14 15:36

Updated:: 02/Jul/15 18:43

Resolved:: 07/Jan/15 16:17