New submission from STINNER Victor <victor.stin...@gmail.com>:

I got a new report from Coverity:

CID 1423264: Insecure data handling (TAINTED_SCALAR)

** CID 1423265: Insecure data handling (TAINTED_SCALAR)
/Modules/main.c: 1393 in pymain_get_env_var_dup()

________________________________________________________________________________________________________
*** CID 1423265: Insecure data handling (TAINTED_SCALAR)
/Modules/main.c: 1393 in pymain_get_env_var_dup()
1387         if (!var || var[0] == '\0') {
1388             *dest = NULL;
1389             return 0;
1390         }
1391
1392         size_t len;
>>> CID 1423265: Insecure data handling (TAINTED_SCALAR)
>>> Passing tainted variable "var" to a tainted sink. [Note: The source
>>> code implementation of the function has been overridden by a user model.]
1393         wchar_t *wvar = Py_DecodeLocale(var, &len);
1394         if (!wvar) {
1395             if (len == (size_t)-2) {
1396                 /* don't set pymain->err */
1397                 return -2;
1398             }

** CID 1423264: Insecure data handling (TAINTED_SCALAR)
/Modules/getpath.c: 909 in calculate_init()

________________________________________________________________________________________________________
*** CID 1423264: Insecure data handling (TAINTED_SCALAR)
/Modules/getpath.c: 909 in calculate_init()
903             return err;
904         }
905
906         size_t len;
907         char *path = getenv("PATH");
908         if (path) {
>>> CID 1423264: Insecure data handling (TAINTED_SCALAR)
>>> Passing tainted variable "path" to a tainted sink. [Note: The source
>>> code implementation of the function has been overridden by a user model.]
909             calculate->path_env = Py_DecodeLocale(path, &len);
910             if (!calculate->path_env) {
911                 return DECODE_FAILED("PATH environment variable", len);
912             }
913         }
914

Christian Heimes told me on IRC that Coverity "thinks that all values from getenv are bad". Ok.

__coverity_tainted_data_sink__() is supposed to say that we sanitized data, and this is what the Py_DecodeLocale() model does:

    wchar_t *Py_DecodeLocale(const char* arg, size_t *size)
    {
        wchar_t *w;
        __coverity_tainted_data_sink__(arg);
        __coverity_tainted_data_sink__(size);
        return w;
    }

I recently refactored the Modules/main.c, Modules/getpath.c and PC/getpathp.c code, but the code isn't really new, I mostly "moved" code. Maybe these warnings were simply ignored previously?

----------
components: Interpreter Core
messages: 307321
nosy: christian.heimes, vstinner
priority: normal
severity: normal
status: open
title: Coverity: CID 1423264: Insecure data handling (TAINTED_SCALAR)
type: security
versions: Python 3.7

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue32183>
_______________________________________