Integrated: JDK-8259786: initialize last parameter of getpwuid_r
Matthias Baesken
mbaesken at openjdk.java.net
Wed Jan 20 15:07:57 UTC 2021
On Fri, 15 Jan 2021 11:24:49 GMT, Matthias Baesken <mbaesken at openjdk.org> wrote:
> We have a couple of calls to getpwuid_r in the codebase, like
> g= getpwuid_r(getuid(), &resbuf, pwd_buf, sizeof(pwd_buf), &pwd);
>
> Usually we NULL-check pwd after the call because we do not fully trust the return code of the function (it is documented in the codebase why we do not fully trust the return code) . However we miss to initialize pwd at some places before the call, which might we a little problematic and should be improved (at other places we already initialize it).
>
> This triggers also Sonar warnings like :
> https://sonarcloud.io/project/issues?id=jdk&open=AXaE0dsA8L9hkQskGEbA&resolved=false&types=BUG
>
>
> Aside from this issue , should we in other issue , unify the OS versions of static char* get_user_name(uid_t uid) in posix code (currently we have it for bsd, linux, aix but the functions look very similar ?
This pull request has now been integrated.
Changeset: 52ed2aab
Author: Matthias Baesken <mbaesken at openjdk.org>
URL: https://git.openjdk.java.net/jdk/commit/52ed2aab
Stats: 3 lines in 2 files changed: 0 ins; 0 del; 3 mod
8259786: initialize last parameter of getpwuid_r
Reviewed-by: mdoerr, hseigel
-------------
PR: https://git.openjdk.java.net/jdk/pull/2098
More information about the security-dev
mailing list