[Bug 1021422] New: Insufficient validation of PID file contents

https://bugzilla.redhat.com/show_bug.cgi?id=1021422

            Bug ID: 1021422
           Summary: Insufficient validation of PID file contents
           Product: Fedora EPEL
           Version: el6
         Component: perl-File-Pid
          Severity: low
          Assignee: iarnell@xxxxxxxxx
          Reporter: d.e.smorgrav@xxxxxxxxxxx
        QA Contact: extras-qa@xxxxxxxxxxxxxxxxx
                CC: iarnell@xxxxxxxxx, perl-devel@xxxxxxxxxxxxxxxxxxxxxxx
   External Bug ID: CPAN 89647



Created attachment 814502
  --> https://bugzilla.redhat.com/attachment.cgi?id=814502&action=edit
Patch for Pid.pm and spec file

Description of problem:

File::Pid::running() passes undef as the PID argument to kill().

Version-Release number of selected component (if applicable):

1.01-2.el6.src.rpm

How reproducible:

100%

Steps to Reproduce:

First test case:

  touch /tmp/frobozz.pid
  perl -w -MFile::Pid -e"File::Pid->new({ file => '/tmp/frobozz.pid' })->running();"

Second test case:

  echo >/tmp/frobozz.pid
  perl -w -MFile::Pid -e"File::Pid->new({ file => '/tmp/frobozz.pid' })->running();"

Third test case:

  echo >/tmp/frobozz.pid
  perl -Tw -MFile::Pid -e"File::Pid->new({ file => '/tmp/frobozz.pid' })->running();"

Actual results:

First test case:

  Use of uninitialized value $pid in chomp at /usr/share/perl5/File/Pid.pm line 175.
  Use of uninitialized value $pid in chomp at /usr/share/perl5/File/Pid.pm line 175.
  Use of uninitialized value $pid in kill at /usr/share/perl5/File/Pid.pm line 124.
  not running

Second test case:

  Argument "" isn't numeric in kill at /usr/share/perl5/File/Pid.pm line 124.
  not running

Third test case:

  Insecure dependency in kill while running with -T switch at /usr/share/perl5/File/Pid.pm line 124.

Expected results:

In all three cases, merely

  not running

Additional info:

Patch attached.  Regression tests are left as an exercise for the reader.

--
Fedora Extras Perl SIG
http://www.fedoraproject.org/wiki/Extras/SIGs/Perl
perl-devel mailing list
perl-devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/perl-devel
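
Added example, not part of the original report and not the attached patch or File::Pid's own code: one way to validate PID file contents before they reach kill(), covering the three test cases above. The helper names read_pid_file and pid_file_running are hypothetical, and the sample file contents are constructed.

```perl
use strict;
use warnings;
use File::Temp qw(tempfile);

# Hypothetical helper (not File::Pid's API): return a validated PID or undef.
sub read_pid_file {
    my ($path) = @_;
    open(my $fh, '<', $path) or return;
    my $line = <$fh>;            # undef when the file is zero bytes long
    close($fh);
    return unless defined $line;
    # Accept only a positive decimal integer, optionally followed by one
    # newline. Returning the regex capture also untaints the value, so
    # kill() accepts it when the program runs under -T.
    return $line =~ /\A([1-9][0-9]{0,9})\n?\z/ ? $1 : undef;
}

# Hypothetical helper: the PID if the file names a live process, else undef.
sub pid_file_running {
    my ($path) = @_;
    my $pid = read_pid_file($path);
    return unless defined $pid;  # never hand undef or "" to kill()
    return kill(0, $pid) ? $pid : undef;
}

# Constructed sample contents: the report's empty and newline-only files,
# two malformed values, and this process's own PID as a valid entry.
my %cases = (
    'zero-byte file' => '',
    'newline only'   => "\n",
    'non-numeric'    => "12abc\n",
    'negative value' => "-1\n",
    'own PID'        => "$$\n",
);

for my $name (sort keys %cases) {
    my ($fh, $path) = tempfile(UNLINK => 1);
    print {$fh} $cases{$name};
    close($fh);
    my $pid = pid_file_running($path);
    printf "%-15s %s\n", $name, defined $pid ? "running ($pid)" : 'not running';
}
```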




