I got a new report from Coverity: CID 1423264: Insecure data handling (TAINTED_SCALAR)
** CID 1423265: Insecure data handling (TAINTED_SCALAR)
/Modules/main.c: 1393 in pymain_get_env_var_dup()
________________________________________________________________________________________________________
*** CID 1423265: Insecure data handling (TAINTED_SCALAR)
/Modules/main.c: 1393 in pymain_get_env_var_dup()
1387 if (!var || var[0] == '\0') {
1388 *dest = NULL;
1389 return 0;
1390 }
1391
1392 size_t len;
>>> CID 1423265: Insecure data handling (TAINTED_SCALAR)
>>> Passing tainted variable "var" to a tainted sink. [Note: The source code implementation of the function has been overridden by a user model.]
1393 wchar_t *wvar = Py_DecodeLocale(var, &len);
1394 if (!wvar) {
1395 if (len == (size_t)-2) {
1396 /* don't set pymain->err */
1397 return -2;
1398 }
** CID 1423264: Insecure data handling (TAINTED_SCALAR)
/Modules/getpath.c: 909 in calculate_init()
________________________________________________________________________________________________________
*** CID 1423264: Insecure data handling (TAINTED_SCALAR)
/Modules/getpath.c: 909 in calculate_init()
903 return err;
904 }
905
906 size_t len;
907 char *path = getenv("PATH");
908 if (path) {
>>> CID 1423264: Insecure data handling (TAINTED_SCALAR)
>>> Passing tainted variable "path" to a tainted sink. [Note: The source code implementation of the function has been overridden by a user model.]
909 calculate->path_env = Py_DecodeLocale(path, &len);
910 if (!calculate->path_env) {
911 return DECODE_FAILED("PATH environment variable", len);
912 }
913 }
914
Christian Heimes told me on IRC that Coverity "thinks that all values from getenv are bad". Ok.
__coverity_tainted_data_sink__() is supposed to say that we sanitized data, and this is what the Py_DecodeLocale() model does:
    wchar_t *Py_DecodeLocale(const char* arg, size_t *size)
    {
        wchar_t *w;
        __coverity_tainted_data_sink__(arg);
        __coverity_tainted_data_sink__(size);
        return w;
    }
I recently refactored the Modules/main.c, Modules/getpath.c and PC/getpathp.c code, but the code isn't really new; I mostly "moved" code. Maybe these warnings were simply ignored previously?
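As an added example (not CPython's code and not the Coverity model quoted above), this is the boundary the two flagged call sites implement: a getenv() result is checked for unset/empty, decoded into a bounded, freshly allocated wide string, and the decode failure is separated from the memory failure by the same (size_t)-2 / (size_t)-1 convention the report's code tests. The C library's mbstowcs() stands in for Py_DecodeLocale(); the names decode_untrusted, get_env_var_dup, example_check and GR_EXAMPLE_VAR are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdint.h>
#include <stdlib.h>
#include <wchar.h>

/* Hypothetical stand-in for Py_DecodeLocale(): decode an untrusted byte string
   into a newly allocated wide string with mbstowcs(). On success *len is the
   wide length; on failure NULL is returned and *len is (size_t)-1 for a memory
   problem or (size_t)-2 for undecodable bytes, the convention checked in the
   report's code. */
static wchar_t *decode_untrusted(const char *arg, size_t *len)
{
    size_t n = mbstowcs(NULL, arg, 0);          /* dry run: count wide chars */
    if (n == (size_t)-1) { *len = (size_t)-2; return NULL; }   /* bad bytes */
    if (n >= SIZE_MAX / sizeof(wchar_t) - 1) { *len = (size_t)-1; return NULL; }
    wchar_t *w = malloc((n + 1) * sizeof(wchar_t));
    if (!w) { *len = (size_t)-1; return NULL; }
    mbstowcs(w, arg, n + 1);                    /* n chars plus the terminating NUL */
    *len = n;
    return w;
}

/* Same contract as pymain_get_env_var_dup() in the report: 0 on success
   (*dest is NULL if the variable is unset or empty), -2 on a decoding error,
   -1 on a memory error. The caller frees *dest. */
int get_env_var_dup(const char *name, wchar_t **dest, size_t *len)
{
    *dest = NULL;
    const char *var = getenv(name);             /* the source Coverity calls tainted */
    if (!var || var[0] == '\0') return 0;
    wchar_t *wvar = decode_untrusted(var, len); /* the checked boundary */
    if (!wvar) return (*len == (size_t)-2) ? -2 : -1;
    *dest = wvar;
    return 0;
}

/* Self-check on a constructed variable name; returns 1 when all cases behave. */
int example_check(void)
{
    wchar_t *dest = NULL;
    size_t len = 0;
    if (setenv("GR_EXAMPLE_VAR", "abc", 1) != 0) return 0;
    if (get_env_var_dup("GR_EXAMPLE_VAR", &dest, &len) != 0) return 0;
    if (!dest || len != 3 || wcscmp(dest, L"abc") != 0) return 0;
    free(dest);
    if (setenv("GR_EXAMPLE_VAR", "", 1) != 0) return 0;
    if (get_env_var_dup("GR_EXAMPLE_VAR", &dest, &len) != 0 || dest) return 0;
    unsetenv("GR_EXAMPLE_VAR");
    return get_env_var_dup("GR_EXAMPLE_VAR", &dest, &len) == 0 && !dest;
}
```

The invalid-bytes path is locale dependent (which byte sequences mbstowcs() rejects depends on the active locale), so the self-check only exercises the set, empty and unset cases.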