-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
None
-
None
-
False
-
None
-
False
-
-
A group of Findings has been pushed to JIRA to be investigated and fixed:
Group
Group: Test in ttes / test / csmock Scan (SARIF)
Severity | CVE | CWE | Component | Version | Title | Status |
---|---|---|---|---|---|---|
High | None | 772 | None | None | Handle Variable "Fd" Going Out of Scope Leaks the Handle. | Active |
High | None | 772 | None | None | Handle Variable "Fd" Going Out of Scope Leaks the Handle. | Active |
Severity: High
Due Date: July 21, 2024
Findings
Handle Variable "Fd" Going Out of Scope Leaks the Handle.
Defect Dojo link: http://localhost:8080/finding/27 (27)
Severity: High
Due Date: July 21, 2024
CWE: CWE-772
CVE: Unknown
Source File: nginx-1.20.1/src/os/unix/ngx_daemon.c
Source Line: 52
Description:
*Result message:* Handle variable "fd" going out of scope leaks the handle.
*Snippet:*
```
Problem detected in this context:
50| if (dup2(fd, STDIN_FILENO) == -1)
54|
```
*Code flow:*
1. nginx-1.20.1/src/os/unix/ngx_daemon.c:L20:C5
Switch case value "0".
2. nginx-1.20.1/src/os/unix/ngx_daemon.c:L26:C9
Breaking from switch.
3. nginx-1.20.1/src/os/unix/ngx_daemon.c:L36:C5
Condition "setsid() == -1", taking false branch.
4. nginx-1.20.1/src/os/unix/ngx_daemon.c:L43:C5
Returning handle opened by "open". [Note: The source code implementation of the function has been overridden by a user model.]
5. nginx-1.20.1/src/os/unix/ngx_daemon.c:L43:C5
Assigning: "fd" = handle returned from "open("/dev/null", 2)".
6. nginx-1.20.1/src/os/unix/ngx_daemon.c:L44:C5
Condition "fd == -1", taking false branch.
7. nginx-1.20.1/src/os/unix/ngx_daemon.c:L50:C5
Resource "fd" is not freed or pointed-to in "dup2".
8. nginx-1.20.1/src/os/unix/ngx_daemon.c:L50:C5
Condition "dup2(fd, 0) == -1", taking true branch.
9. nginx-1.20.1/src/os/unix/ngx_daemon.c:L51:C9
Condition "log->log_level >= 1", taking true branch.
10. nginx-1.20.1/src/os/unix/ngx_daemon.c:L52:C9
Handle variable "fd" going out of scope leaks the handle.
References:
https://cwe.mitre.org/data/definitions/772.html
Reporter: Admin User (admin) (admin@defectdojo.local)
Findings
Handle Variable "Fd" Going Out of Scope Leaks the Handle.
Defect Dojo link: http://localhost:8080/finding/28 (28)
Severity: High
Due Date: July 21, 2024
CWE: CWE-772
CVE: Unknown
Source File: nginx-1.20.1/src/os/unix/ngx_daemon.c
Source Line: 57
Description:
*Result message:* Handle variable "fd" going out of scope leaks the handle.
*Snippet:*
```
Problem detected in this context:
55| if (dup2(fd, STDOUT_FILENO) == -1)
59|
```
*Code flow:*
1. nginx-1.20.1/src/os/unix/ngx_daemon.c:L20:C5
Switch case value "0".
2. nginx-1.20.1/src/os/unix/ngx_daemon.c:L26:C9
Breaking from switch.
3. nginx-1.20.1/src/os/unix/ngx_daemon.c:L36:C5
Condition "setsid() == -1", taking false branch.
4. nginx-1.20.1/src/os/unix/ngx_daemon.c:L43:C5
Returning handle opened by "open". [Note: The source code implementation of the function has been overridden by a user model.]
5. nginx-1.20.1/src/os/unix/ngx_daemon.c:L43:C5
Assigning: "fd" = handle returned from "open("/dev/null", 2)".
6. nginx-1.20.1/src/os/unix/ngx_daemon.c:L44:C5
Condition "fd == -1", taking false branch.
7. nginx-1.20.1/src/os/unix/ngx_daemon.c:L50:C5
Resource "fd" is not freed or pointed-to in "dup2".
8. nginx-1.20.1/src/os/unix/ngx_daemon.c:L50:C5
Condition "dup2(fd, 0) == -1", taking false branch.
9. nginx-1.20.1/src/os/unix/ngx_daemon.c:L55:C5
Resource "fd" is not freed or pointed-to in "dup2".
10. nginx-1.20.1/src/os/unix/ngx_daemon.c:L55:C5
Condition "dup2(fd, 1) == -1", taking true branch.
11. nginx-1.20.1/src/os/unix/ngx_daemon.c:L56:C9
Condition "log->log_level >= 1", taking true branch.
12. nginx-1.20.1/src/os/unix/ngx_daemon.c:L57:C9
Handle variable "fd" going out of scope leaks the handle.
References:
https://cwe.mitre.org/data/definitions/772.html