Message 307321 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	vstinner
Recipients	christian.heimes, vstinner
Date	2017-11-30.15:33:32
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1512056012.34.0.213398074469.issue32183@psf.upfronthosting.co.za>
In-reply-to

Content
I got a new report from Coverity: CID 1423264: Insecure data handling (TAINTED_SCALAR) CID 1423265: Insecure data handling (TAINTED_SCALAR) /Modules/main.c: 1393 in pymain_get_env_var_dup() ________________________________________________________________________________________________________ * CID 1423265: Insecure data handling (TAINTED_SCALAR) /Modules/main.c: 1393 in pymain_get_env_var_dup() 1387 if (!var \|\| var[0] == '\0') { 1388 dest = NULL; 1389 return 0; 1390 } 1391 1392 size_t len; >>> CID 1423265: Insecure data handling (TAINTED_SCALAR) >>> Passing tainted variable "var" to a tainted sink. [Note: The source code implementation of the function has been overridden by a user model.] 1393 wchar_t wvar = Py_DecodeLocale(var, &len); 1394 if (!wvar) { 1395 if (len == (size_t)-2) { 1396 /* don't set pymain->err / 1397 return -2; 1398 } * CID 1423264: Insecure data handling (TAINTED_SCALAR) /Modules/getpath.c: 909 in calculate_init() ________________________________________________________________________________________________________ *** CID 1423264: Insecure data handling (TAINTED_SCALAR) /Modules/getpath.c: 909 in calculate_init() 903 return err; 904 } 905 906 size_t len; 907 char path = getenv("PATH"); 908 if (path) { >>> CID 1423264: Insecure data handling (TAINTED_SCALAR) >>> Passing tainted variable "path" to a tainted sink. [Note: The source code implementation of the function has been overridden by a user model.] 909 calculate->path_env = Py_DecodeLocale(path, &len); 910 if (!calculate->path_env) { 911 return DECODE_FAILED("PATH environment variable", len); 912 } 913 } 914 Christian Heimes told me on IRC that Coverity "thinks that all values from getenv are bad". Ok. __coverity_tainted_data_sink__() is supposed to say that we sanitized data, and this is what Py_DecodeLocale() model does: wchar_t Py_DecodeLocale(const char* arg, size_t size) { wchar_t w; __coverity_tainted_data_sink__(arg); __coverity_tainted_data_sink__(size); return w; } I refactored recently Modules/main.c, Modules/getpath.c and PC/getpathp.c code, but the code isn't really new, I mostly "moved" code. Maybe these warnings were simply ignored previously?

I got a new report from Coverity: CID 1423264: Insecure data handling  (TAINTED_SCALAR)



** CID 1423265:  Insecure data handling  (TAINTED_SCALAR)
/Modules/main.c: 1393 in pymain_get_env_var_dup()


________________________________________________________________________________________________________
*** CID 1423265:  Insecure data handling  (TAINTED_SCALAR)
/Modules/main.c: 1393 in pymain_get_env_var_dup()
1387         if (!var || var[0] == '\0') {
1388             *dest = NULL;
1389             return 0;
1390         }
1391
1392         size_t len;
>>>     CID 1423265:  Insecure data handling  (TAINTED_SCALAR)
>>>     Passing tainted variable "var" to a tainted sink. [Note: The source code implementation of the function has been overridden by a user model.]
1393         wchar_t *wvar = Py_DecodeLocale(var, &len);
1394         if (!wvar) {
1395             if (len == (size_t)-2) {
1396                 /* don't set pymain->err */
1397                 return -2;
1398             }

** CID 1423264:  Insecure data handling  (TAINTED_SCALAR)
/Modules/getpath.c: 909 in calculate_init()


________________________________________________________________________________________________________
*** CID 1423264:  Insecure data handling  (TAINTED_SCALAR)
/Modules/getpath.c: 909 in calculate_init()
903             return err;
904         }
905
906         size_t len;
907         char *path = getenv("PATH");
908         if (path) {
>>>     CID 1423264:  Insecure data handling  (TAINTED_SCALAR)
>>>     Passing tainted variable "path" to a tainted sink. [Note: The source code implementation of the function has been overridden by a user model.]
909             calculate->path_env = Py_DecodeLocale(path, &len);
910             if (!calculate->path_env) {
911                 return DECODE_FAILED("PATH environment variable", len);
912             }
913         }
914


Christian Heimes told me on IRC that Coverity "thinks that all values from getenv are bad". Ok.

__coverity_tainted_data_sink__() is supposed to say that we sanitized data, and this is what Py_DecodeLocale() model does:

wchar_t *Py_DecodeLocale(const char* arg, size_t *size)
{
   wchar_t *w;
    __coverity_tainted_data_sink__(arg);
    __coverity_tainted_data_sink__(size);
   return w;
}


I refactored recently Modules/main.c, Modules/getpath.c and PC/getpathp.c code, but the code isn't really new, I mostly "moved" code. Maybe these warnings were simply ignored previously?

History
Date	User	Action	Args
2017-11-30 15:33:32	vstinner	set	recipients: + vstinner, christian.heimes
2017-11-30 15:33:32	vstinner	set	messageid: <1512056012.34.0.213398074469.issue32183@psf.upfronthosting.co.za>
2017-11-30 15:33:32	vstinner	link	issue32183 messages
2017-11-30 15:33:32	vstinner	create