
utmpwatcher.c:62: string_null_source: Function "fread" does not terminate string "u"

    • Type: Bug
    • Resolution: Unresolved
    • Priority: Normal
    • rhel-9.4
    • policycoreutils
    • Low
    • rhel-sst-security-selinux
    • ssg_security
    • CY24Q2
    • Release note text: The source code is fixed in such a way that Coverity scan does not find this error in that area.
    • Unspecified Release Note Type - Unknown

      Error: STRING_NULL (CWE-170): [#def5]
      selinux-3.6/restorecond/utmpwatcher.c:62: string_null_source: Function "fread" does not terminate string "u". [Note: The source code implementation of the function has been overridden by a builtin model.]
      selinux-3.6/restorecond/utmpwatcher.c:64: string_null: Passing unterminated string "u.ut_user" to "strings_list_add", which expects a null-terminated string.
      #   62|   	while (fread(&u, sizeof(struct utmp), 1, cfg) > 0) {
      #   63|   		if (u.ut_type == USER_PROCESS)
      #   64|-> 			strings_list_add(&utmp_ptr, u.ut_user);
      #   65|   	}
      #   66|   	fclose(cfg);

      `man utmp` -> "This structure gives the name of the special file associated with the user's terminal, the user's login name, and the time of login in the form of time(2). String fields are terminated by a null byte ('\0') if they are shorter than the size of the field."
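      The following is an added example, not code from restorecond or the SELinux project: it reproduces the fread() loop from the Coverity trace with a constructed in-memory utmp image in which one login name fills all of ut_user, and shows a bounded copy that hands strings_list_add-style consumers a terminated string (utmp_user_copy, collect_users and demo are names chosen here).

```c
/* Added example, not restorecond code. utmp(5) only guarantees a NUL inside
 * ut_user when the name is shorter than the field, so a record read with
 * fread() may carry a login name that is not a C string. */
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <utmp.h>

/* Bounded copy of ut_user into dst; always NUL-terminates. Returns length. */
size_t utmp_user_copy(const struct utmp *u, char *dst, size_t dstlen)
{
    /* strnlen() stops at the field size even when no terminator is present */
    size_t n = strnlen(u->ut_user, sizeof(u->ut_user));
    if (dstlen == 0)
        return 0;
    if (n >= dstlen)
        n = dstlen - 1;
    memcpy(dst, u->ut_user, n);
    dst[n] = '\0';
    return n;
}

/* utmpwatcher.c's fread() loop, but each name is terminated before use.
 * Returns how many USER_PROCESS records were stored in names[]. */
int collect_users(FILE *fp, char names[][UT_NAMESIZE + 1], int max)
{
    struct utmp u;
    int count = 0;
    while (count < max && fread(&u, sizeof(struct utmp), 1, fp) == 1) {
        if (u.ut_type == USER_PROCESS)
            utmp_user_copy(&u, names[count++], UT_NAMESIZE + 1);
    }
    return count;
}

/* Constructed image: a login filling every byte of ut_user (no terminator),
 * then a short login; read back through fmemopen() like a utmp file. */
int demo(char names[][UT_NAMESIZE + 1], int max)
{
    struct utmp recs[2];
    memset(recs, 0, sizeof recs);
    recs[0].ut_type = USER_PROCESS;
    memset(recs[0].ut_user, 'a', sizeof recs[0].ut_user);
    recs[1].ut_type = USER_PROCESS;
    memcpy(recs[1].ut_user, "bob", sizeof "bob");
    FILE *fp = fmemopen(recs, sizeof recs, "rb");
    if (fp == NULL) return -1;
    int n = collect_users(fp, names, max);
    fclose(fp);
    return n;
}
```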

      People: Petr Lautrbach, Milos Malik