-
Notifications
You must be signed in to change notification settings - Fork 231
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix coverity unbounded source buffer issues #989
base: master
Are you sure you want to change the base?
Fix coverity unbounded source buffer issues #989
Conversation
Please paste such a Coverity scan report in the commit message. It would be helpful when reviewing. |
It encapsulates some logic that we may want to reuse elsewhere. Link: <shadow-maint#989> Signed-off-by: Alejandro Colomar <[email protected]>
It encapsulates some logic that we may want to reuse elsewhere. Link: <shadow-maint#989> Signed-off-by: Alejandro Colomar <[email protected]>
It encapsulates some logic that we may want to reuse elsewhere. Link: <shadow-maint#989> Signed-off-by: Alejandro Colomar <[email protected]>
It encapsulates some logic that we may want to reuse elsewhere. Link: <#989> Signed-off-by: Alejandro Colomar <[email protected]>
Can you please rebase the branch? Edit: I've done it myself for you. v1b:
|
a90453e
to
bb74110
Compare
Please address the issues raised. |
I've converted your PR to draft, since it's not ready for review. Please address the comments. |
bb74110
to
7b8d2f7
Compare
7b8d2f7
to
21af660
Compare
21af660
to
1351181
Compare
Hi, would you mind updating the PR? |
dfa4448
to
3276c83
Compare
Hi @alejandro-colomar , the PR is cleaned and rebased -> it should be ready for merging. |
Does this change remove all of the coverity reports? Which of them are still present after this change? |
This will not remove the coverity reports issues. To remove the coverity report errors we would need to use xstrdup as it was in my original code. However, in this case I will prepare a separate PR after merging this one. |
Then the commit message should be updated to reflect what this commit does. |
3276c83
to
28aed99
Compare
The commit message is updated. |
I don't understand that sentence. Could you please rephrase? |
28aed99
to
6279ad6
Compare
Please, check now. The main reported issue by coverity is:
Passing string user of unknown size to syslog |
You should say lengths instead of sizes. $ grepc is_valid_user_name .
./lib/chkname.h:extern bool is_valid_user_name (const char *name);
./lib/chkname.c:bool
is_valid_user_name(const char *name)
{
if (strlen(name) >= login_name_max_size()) {
errno = EOVERFLOW;
return false;
}
return is_valid_name(name);
} |
The report is actually fixed, I think. What the patch doesn't do is "silence" it. Please reword. Other than that, it more or less LGTM. |
6279ad6
to
ca15d35
Compare
Wording is corrected. |
During coverity scan, there are reported four issues with unbounded source buffer for each usage of input arg directly with syslog function. Sample coverity test report for chsh.c file: 1. string_size_argv: argv contains strings with unknown size. int main (int argc, char **argv) [...] 4. var_assign_var: Assigning: user = argv[optind]. Both are now tainted. user = argv[optind]; [...] CID 5771784: (shadow-maint#1 of 1): Unbounded source buffer (STRING_SIZE) 15. string_size: Passing string user of unknown size to syslog. SYSLOG ((LOG_INFO, "changed user '%s' shell to '%s'", user, loginsh)); Similar issue is reported three times more: File: chfn.c, function: main, variable: user File: passwd.c, function: main, variable: name File: newgrp.c, function: main, variable: group This commit is the first approach to fix the reported issues. The proposed changes add conditions, which verify the user and group names arguments, including their lengths. This will not silence the coverity reports, but the change causes that they are irrelevant and could be ignored.
ca15d35
to
e381b2d
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. Thanks!
Fix coverity unbound buffer issues
During coverity scan, there are reported four issues
with unbounded source buffer for each usage of input arg
directly with syslog function.
Sample coverity test report for chsh.c file:
int main (int argc, char **argv)
[...]
user = argv[optind];
[...]
CID 5771784: (Retiring certain usernames. #1 of 1): Unbounded source buffer (STRING_SIZE)
SYSLOG ((LOG_INFO, "changed user '%s' shell to '%s'", user, loginsh));
Similar issue is reported three times more:
File: chfn.c, function: main, variable: user
File: passwd.c, function: main, variable: name
File: newgrp.c, function: main, variable: group
The proposed commit is a try to fix the reported issues
by adding a check for a valid user or group names.