Bug #8243: hyperscan: address stat path check warning - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #8243

open

hyperscan: address stat path check warning

Added by Lukas Sismis 3 days ago. Updated 3 days ago.

Status:

Assigned

Priority:

Normal

Assignee:

Lukas Sismis

Target version:

9.0.0-beta1

Affected Versions:

git main

Effort:

Difficulty:

Label:

Description

** CID 1680388:       Security best practices violations  (TOCTOU)
/src/util-mpm-hs-cache.c: 377           in SCHSCachePruneEvaluate()

_____________________________________________________________________________________________
*** CID 1680388:         Security best practices violations  (TOCTOU)
/src/util-mpm-hs-cache.c: 377             in SCHSCachePruneEvaluate()
371                 continue;
372     
373             if (PathMerge(path, ARRAY_SIZE(path), mpm_conf->cache_dir_path, name) != 0)
374                 continue;
375     
376             struct stat st;
>>>     CID 1680388:         Security best practices violations  (TOCTOU)
>>>     Calling function "stat" to perform check on "path".
377             if (stat(path, &st) != 0 || !S_ISREG(st.st_mode))
378                 continue;
379     
380             considered++;
381     
382             const bool prune_by_age = HSPruneFileByAge(st.st_mtime, cutoff);

Subtasks 1 (1 open — 0 closed)