View Issue Details [ Jump to Notes ]

[ Print ]

Project

Category

View Status

Date Submitted

Last Update

0014488

CMake

public

2013-10-16 10:16

2016-06-10 14:31

Reporter

Matthew McCormick

Assigned To

Matt McCormick

Priority

normal

Severity

minor

Reproducibility

always

Status

closed

Resolution

moved

Platform

OS Version

Product Version

CMake 2.8.12

Target Version

Fixed in Version

Summary

0014488: TestDriver.cxx.in Untrusted array index read

Description

As reported by Coverity Scan, if the configured file contains a #include,

  Untrusted array index read
  The array index could be controlled by an attacker, leading to reads outside
  the bounds of the array.
  In main: Read from array at index computed using an unscrutinized value from
  an untrusted source (CWE-129)

  CID 1081283 (#1 of 1): Untrusted array index read (TAINTED_SCALAR)
  25. tainted_data: Using tainted variable "testToRun" as an index into an array
  "cmakeGeneratedFunctionMapEntries".

Steps To Reproduce

Analyze the ITK test suite with Coverity Static Analysis.

Additional Information

Patch attached.

Tags

No tags attached.

Attached Files

0001-TestDriver.cxx.in-Untrusted-array-index-read.patch [^] (1,435 bytes) 2013-10-16 10:16 [Show Content] [Hide Content]

From 7eddefd8f1375c5c6f2fbe6e0e51f14bdc1f8886 Mon Sep 17 00:00:00 2001
From: Matt McCormick <matt.mccormick@kitware.com>
Date: Mon, 7 Oct 2013 17:10:06 +0000
Subject: [PATCH] TestDriver.cxx.in: Untrusted array index read.

As reported by Coverity Scan, if the configured file contains a #include,

  Untrusted array index read
  The array index could be controlled by an attacker, leading to reads outside
  the bounds of the array.
  In main: Read from array at index computed using an unscrutinized value from
  an untrusted source (CWE-129)

  CID 1081283 (#1 of 1): Untrusted array index read (TAINTED_SCALAR)
  25. tainted_data: Using tainted variable "testToRun" as an index into an array
  "cmakeGeneratedFunctionMapEntries".
---
 Templates/TestDriver.cxx.in | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/Templates/TestDriver.cxx.in b/Templates/TestDriver.cxx.in
index f4510bb..03916bf 100644
--- a/Templates/TestDriver.cxx.in
+++ b/Templates/TestDriver.cxx.in
@@ -137,6 +137,13 @@ int main(int ac, char *av[])
     {
     int result;
 @CMAKE_TESTDRIVER_BEFORE_TESTMAIN@
+    if (testToRun < 0 || testToRun >= NumTests)
+      {
+      printf(
+        "testToRun was modified by TestDriver code to an invalid value: %3d.\n",
+        testNum);
+      return -1;
+      }
     result = (*cmakeGeneratedFunctionMapEntries[testToRun].func)(ac, av);
 @CMAKE_TESTDRIVER_AFTER_TESTMAIN@
     return result;
-- 
1.8.3.2

Relationships

Notes
(0034164) Matthew McCormick (reporter) 2013-10-18 16:17	This was Resolved when the attached patch, 7eddefd8f1375c5c6f2fbe6e0e51f14bdc1f8886 however, there must be something messed with up with tho accounts -- "Matthew McCormick" is the Reporter and "Matt McCormick" is the Assigned To, and I do not have the permissions to Resolve the issue.

(0042395) Kitware Robot (administrator) 2016-06-10 14:29	Resolving issue as `moved`. This issue tracker is no longer used. Further discussion of this issue may take place in the current CMake Issues page linked in the banner at the top of this page.

Issue History
Date Modified	Username	Field	Change
2013-10-16 10:16	Matthew McCormick	New Issue
2013-10-16 10:16	Matthew McCormick	File Added: 0001-TestDriver.cxx.in-Untrusted-array-index-read.patch
2013-10-16 15:15	Bill Hoffman	Assigned To	=> Matt McCormick
2013-10-16 15:15	Bill Hoffman	Status	new => assigned
2013-10-18 16:17	Matthew McCormick	Note Added: 0034164
2016-06-10 14:29	Kitware Robot	Note Added: 0042395
2016-06-10 14:29	Kitware Robot	Status	assigned => resolved
2016-06-10 14:29	Kitware Robot	Resolution	open => moved
2016-06-10 14:31	Kitware Robot	Status	resolved => closed