Issue 32183: Coverity: CID 1423264: Insecure data handling (TAINTED_SCALAR)

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

This issue has been migrated to GitHub: https://github.com/python/cpython/issues/76364

classification

Title:	Coverity: CID 1423264: Insecure data handling (TAINTED_SCALAR)
Type:	security	Stage:	resolved
Components:	Interpreter Core	Versions:	Python 3.7

process

Status:	closed	Resolution:	out of date
Dependencies:		Superseder:
Assigned To:	christian.heimes	Nosy List:	christian.heimes, vstinner
Priority:	normal	Keywords:

Created on 2017-11-30 15:33 by vstinner, last changed 2022-04-11 14:58 by admin. This issue is now closed.

Messages (1)
msg307321 - (view)	Author: STINNER Victor (vstinner) *	Date: 2017-11-30 15:33
I got a new report from Coverity: CID 1423264: Insecure data handling (TAINTED_SCALAR) CID 1423265: Insecure data handling (TAINTED_SCALAR) /Modules/main.c: 1393 in pymain_get_env_var_dup() ________________________________________________________________________________________________________ * CID 1423265: Insecure data handling (TAINTED_SCALAR) /Modules/main.c: 1393 in pymain_get_env_var_dup() 1387 if (!var \|\| var[0] == '\0') { 1388 dest = NULL; 1389 return 0; 1390 } 1391 1392 size_t len; >>> CID 1423265: Insecure data handling (TAINTED_SCALAR) >>> Passing tainted variable "var" to a tainted sink. [Note: The source code implementation of the function has been overridden by a user model.] 1393 wchar_t wvar = Py_DecodeLocale(var, &len); 1394 if (!wvar) { 1395 if (len == (size_t)-2) { 1396 /* don't set pymain->err / 1397 return -2; 1398 } * CID 1423264: Insecure data handling (TAINTED_SCALAR) /Modules/getpath.c: 909 in calculate_init() ________________________________________________________________________________________________________ *** CID 1423264: Insecure data handling (TAINTED_SCALAR) /Modules/getpath.c: 909 in calculate_init() 903 return err; 904 } 905 906 size_t len; 907 char path = getenv("PATH"); 908 if (path) { >>> CID 1423264: Insecure data handling (TAINTED_SCALAR) >>> Passing tainted variable "path" to a tainted sink. [Note: The source code implementation of the function has been overridden by a user model.] 909 calculate->path_env = Py_DecodeLocale(path, &len); 910 if (!calculate->path_env) { 911 return DECODE_FAILED("PATH environment variable", len); 912 } 913 } 914 Christian Heimes told me on IRC that Coverity "thinks that all values from getenv are bad". Ok. __coverity_tainted_data_sink__() is supposed to say that we sanitized data, and this is what Py_DecodeLocale() model does: wchar_t Py_DecodeLocale(const char* arg, size_t size) { wchar_t w; __coverity_tainted_data_sink__(arg); __coverity_tainted_data_sink__(size); return w; } I refactored recently Modules/main.c, Modules/getpath.c and PC/getpathp.c code, but the code isn't really new, I mostly "moved" code. Maybe these warnings were simply ignored previously?

msg307321 - (view)

Author: STINNER Victor (vstinner) * (Python committer)

Date: 2017-11-30 15:33

I got a new report from Coverity: CID 1423264: Insecure data handling  (TAINTED_SCALAR)



** CID 1423265:  Insecure data handling  (TAINTED_SCALAR)
/Modules/main.c: 1393 in pymain_get_env_var_dup()


________________________________________________________________________________________________________
*** CID 1423265:  Insecure data handling  (TAINTED_SCALAR)
/Modules/main.c: 1393 in pymain_get_env_var_dup()
1387         if (!var || var[0] == '\0') {
1388             *dest = NULL;
1389             return 0;
1390         }
1391
1392         size_t len;
>>>     CID 1423265:  Insecure data handling  (TAINTED_SCALAR)
>>>     Passing tainted variable "var" to a tainted sink. [Note: The source code implementation of the function has been overridden by a user model.]
1393         wchar_t *wvar = Py_DecodeLocale(var, &len);
1394         if (!wvar) {
1395             if (len == (size_t)-2) {
1396                 /* don't set pymain->err */
1397                 return -2;
1398             }

** CID 1423264:  Insecure data handling  (TAINTED_SCALAR)
/Modules/getpath.c: 909 in calculate_init()


________________________________________________________________________________________________________
*** CID 1423264:  Insecure data handling  (TAINTED_SCALAR)
/Modules/getpath.c: 909 in calculate_init()
903             return err;
904         }
905
906         size_t len;
907         char *path = getenv("PATH");
908         if (path) {
>>>     CID 1423264:  Insecure data handling  (TAINTED_SCALAR)
>>>     Passing tainted variable "path" to a tainted sink. [Note: The source code implementation of the function has been overridden by a user model.]
909             calculate->path_env = Py_DecodeLocale(path, &len);
910             if (!calculate->path_env) {
911                 return DECODE_FAILED("PATH environment variable", len);
912             }
913         }
914


Christian Heimes told me on IRC that Coverity "thinks that all values from getenv are bad". Ok.

__coverity_tainted_data_sink__() is supposed to say that we sanitized data, and this is what Py_DecodeLocale() model does:

wchar_t *Py_DecodeLocale(const char* arg, size_t *size)
{
   wchar_t *w;
    __coverity_tainted_data_sink__(arg);
    __coverity_tainted_data_sink__(size);
   return w;
}


I refactored recently Modules/main.c, Modules/getpath.c and PC/getpathp.c code, but the code isn't really new, I mostly "moved" code. Maybe these warnings were simply ignored previously?

History
Date	User	Action	Args
2022-04-11 14:58:55	admin	set	github: 76364
2018-09-19 23:07:18	vstinner	set	status: open -> closed resolution: out of date stage: needs patch -> resolved
2017-11-30 15:35:34	christian.heimes	set	assignee: christian.heimes stage: needs patch
2017-11-30 15:33:32	vstinner	create