Project

General

Profile

Actions
Copy link

Bug #8243

open

hyperscan: address stat path check warning

Added by Lukas Sismis 3 days ago. Updated 3 days ago.

Status:
Assigned
Priority:
Normal
Assignee:
Lukas Sismis
Target version:
9.0.0-beta1
Affected Versions:
git main
Effort:
Difficulty:
Label:

Description

** CID 1680388:       Security best practices violations  (TOCTOU)
/src/util-mpm-hs-cache.c: 377           in SCHSCachePruneEvaluate()

_____________________________________________________________________________________________
*** CID 1680388:         Security best practices violations  (TOCTOU)
/src/util-mpm-hs-cache.c: 377             in SCHSCachePruneEvaluate()
371                 continue;
372     
373             if (PathMerge(path, ARRAY_SIZE(path), mpm_conf->cache_dir_path, name) != 0)
374                 continue;
375     
376             struct stat st;
>>>     CID 1680388:         Security best practices violations  (TOCTOU)
>>>     Calling function "stat" to perform check on "path".
377             if (stat(path, &st) != 0 || !S_ISREG(st.st_mode))
378                 continue;
379     
380             considered++;
381     
382             const bool prune_by_age = HSPruneFileByAge(st.st_mtime, cutoff);

Subtasks 1 (1 open0 closed)

Bug #8244: hyperscan: address stat path check warning (8.0.x backport)AssignedLukas SismisActions

Related issues 1 (0 open1 closed)

Related to Suricata - Feature #7830: hyperscan: support cache invalidation and removalClosedLukas SismisActions
Actions
Copy link

Also available in: Atom PDF