
classification
Title: Coverity: CID 1423264: Insecure data handling (TAINTED_SCALAR)
Type: security
Stage: resolved
Components: Interpreter Core
Versions: Python 3.7
process
Status: closed
Resolution: out of date
Dependencies:
Superseder:
Assigned To: christian.heimes
Nosy List: christian.heimes, vstinner
Priority: normal
Keywords:

Created on 2017-11-30 15:33 by vstinner, last changed 2022-04-11 14:58 by admin. This issue is now closed.

Messages (1)
msg307321 - Author: STINNER Victor (vstinner) (Python committer) Date: 2017-11-30 15:33
I got a new report from Coverity: CID 1423264: Insecure data handling  (TAINTED_SCALAR)



** CID 1423265:  Insecure data handling  (TAINTED_SCALAR)
/Modules/main.c: 1393 in pymain_get_env_var_dup()


________________________________________________________________________________________________________
*** CID 1423265:  Insecure data handling  (TAINTED_SCALAR)
/Modules/main.c: 1393 in pymain_get_env_var_dup()
1387         if (!var || var[0] == '\0') {
1388             *dest = NULL;
1389             return 0;
1390         }
1391
1392         size_t len;
>>>     CID 1423265:  Insecure data handling  (TAINTED_SCALAR)
>>>     Passing tainted variable "var" to a tainted sink. [Note: The source code implementation of the function has been overridden by a user model.]
1393         wchar_t *wvar = Py_DecodeLocale(var, &len);
1394         if (!wvar) {
1395             if (len == (size_t)-2) {
1396                 /* don't set pymain->err */
1397                 return -2;
1398             }

** CID 1423264:  Insecure data handling  (TAINTED_SCALAR)
/Modules/getpath.c: 909 in calculate_init()


________________________________________________________________________________________________________
*** CID 1423264:  Insecure data handling  (TAINTED_SCALAR)
/Modules/getpath.c: 909 in calculate_init()
903             return err;
904         }
905
906         size_t len;
907         char *path = getenv("PATH");
908         if (path) {
>>>     CID 1423264:  Insecure data handling  (TAINTED_SCALAR)
>>>     Passing tainted variable "path" to a tainted sink. [Note: The source code implementation of the function has been overridden by a user model.]
909             calculate->path_env = Py_DecodeLocale(path, &len);
910             if (!calculate->path_env) {
911                 return DECODE_FAILED("PATH environment variable", len);
912             }
913         }
914


Christian Heimes told me on IRC that Coverity "thinks that all values from getenv are bad". Ok.

__coverity_tainted_data_sink__() is supposed to say that we sanitized data, and this is what the Py_DecodeLocale() model does:

wchar_t *Py_DecodeLocale(const char* arg, size_t *size)
{
    wchar_t *w;
    __coverity_tainted_data_sink__(arg);
    __coverity_tainted_data_sink__(size);
    return w;
}


I recently refactored the Modules/main.c, Modules/getpath.c and PC/getpathp.c code, but the code isn't really new; I mostly "moved" code. Maybe these warnings were simply ignored previously?
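
An added example, not part of the original message and not CPython's code: one way to decode an environment value while treating it as untrusted, capping its byte length before that length sizes an allocation. The function names, status codes and the 4096-byte cap are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <wchar.h>

/* Hypothetical status codes for this example (not CPython's). */
enum { ENV_UNSET = 0, ENV_OK = 1, ENV_TOO_LONG = -1,
       ENV_DECODE_ERR = -2, ENV_NO_MEM = -3 };

/* Cap the byte length of untrusted input before it sizes an allocation. */
static int decode_untrusted(const char *raw, size_t max_bytes,
                            wchar_t **dest, size_t *len)
{
    *dest = NULL; *len = 0;
    if (!raw || raw[0] == '\0')          /* unset or empty, as in main.c */
        return ENV_UNSET;
    size_t n = 0;
    for (; raw[n] != '\0'; n++) {        /* bounded scan, stops at the cap */
        if (n == max_bytes)
            return ENV_TOO_LONG;
    }
    if (n >= SIZE_MAX / sizeof(wchar_t)) /* (n + 1) * size must not wrap */
        return ENV_TOO_LONG;
    wchar_t *buf = malloc((n + 1) * sizeof(wchar_t));
    if (!buf)
        return ENV_NO_MEM;
    /* n bytes decode to at most n wide characters, so buf is large enough. */
    size_t w = mbstowcs(buf, raw, n + 1);
    if (w == (size_t)-1) {               /* invalid sequence for the locale */
        free(buf);
        return ENV_DECODE_ERR;
    }
    *dest = buf; *len = w;
    return ENV_OK;
}

/* getenv() is the taint source; max_bytes is the caller's policy. */
static int decode_env_bounded(const char *name, size_t max_bytes,
                              wchar_t **dest, size_t *len)
{
    return decode_untrusted(getenv(name), max_bytes, dest, len);
}

int main(void)
{
    wchar_t *w; size_t len;
    int rc = decode_env_bounded("PATH", 4096, &w, &len); /* 4096: assumed cap */
    free(w);
    return rc < 0;
}
```

mbstowcs() decodes according to the current LC_CTYPE locale, so a real program would call setlocale(LC_ALL, "") before using it on non-ASCII values.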
History
Date | User | Action | Args
2022-04-11 14:58:55 | admin | set | github: 76364
2018-09-19 23:07:18 | vstinner | set | status: open -> closed; resolution: out of date; stage: needs patch -> resolved
2017-11-30 15:35:34 | christian.heimes | set | assignee: christian.heimes; stage: needs patch
2017-11-30 15:33:32 | vstinner | create |