*** CID 1338381: Security best practices violations (STRING_OVERFLOW)
/cmd/traffic_cop/traffic_cop.cc: 759 in spawn_manager()()
753
754 755 int max_opts_len = OPTIONS_LEN_MAX - strlen(manager_options);
756 char tm_opt_buf[max_opts_len];
757 int cx = snprintf(tm_opt_buf, max_opts_len, " --%s %s --%s %s", TM_OPT_BIND_STDOUT, log_file, TM_OPT_BIND_STDERR, log_file);
758 if (cx >= 0 && cx < max_opts_len)
CID 1338381: Security best practices violations (STRING_OVERFLOW)
You might overrun the 1024 byte fixed-size string "manager_options" by copying "tm_opt_buf" without checking the length.
759 strcat(manager_options, tm_opt_buf);
760 else
761 cop_log(COP_WARNING, "bind_stdout and bind_stderr flags are too long, not binding anything\n");
762
763 cop_log_trace("spawn_manager: Launching %s with options '%s'\n", prog, manager_options);
764 int i;
** CID 1022062: Error handling issues (CHECKED_RETURN)
/cmd/traffic_cop/traffic_cop.cc: 750 in spawn_manager()()
________________________________________________________________________________________________________
*** CID 1022062: Error handling issues (CHECKED_RETURN)
/cmd/traffic_cop/traffic_cop.cc: 750 in spawn_manager()()
744 745 746 if (access(log_file, W_OK) < 0 && errno == EACCES) {
747 char old_log_file[PATH_NAME_MAX];
748 snprintf(old_log_file, sizeof(old_log_file), "%s.old", log_file);
749 CID 1022062: Error handling issues (CHECKED_RETURN)
Calling "rename(log_file, old_log_file)" without checking return value. This library function may fail and return an error code.
750 rename(log_file, old_log_file);
751 cop_log(COP_WARNING, "rename %s to %s as it is not accessible.\n", log_file, old_log_file);
752 }
753
754 755 int max_opts_len = OPTIONS_LEN_MAX - strlen(manager_options);
Major