[Bug 1021422] New: Insufficient validation of PID file contents

bugzilla at redhat.com bugzilla at redhat.com
Mon Oct 21 09:30:08 UTC 2013


https://bugzilla.redhat.com/show_bug.cgi?id=1021422

            Bug ID: 1021422
           Summary: Insufficient validation of PID file contents
           Product: Fedora EPEL
           Version: el6
         Component: perl-File-Pid
          Severity: low
          Assignee: iarnell at gmail.com
          Reporter: d.e.smorgrav at usit.uio.no
        QA Contact: extras-qa at fedoraproject.org
                CC: iarnell at gmail.com, perl-devel at lists.fedoraproject.org
   External Bug ID: CPAN 89647



Created attachment 814502
  --> https://bugzilla.redhat.com/attachment.cgi?id=814502&action=edit
Patch for Pid.pm and spec file

Description of problem:

File::Pid::running() passes undef as the PID argument to kill().

Version-Release number of selected component (if applicable):

1.01-2.el6.src.rpm

How reproducible:

100%

Steps to Reproduce:

First test case:

  touch /tmp/frobozz.pid
  perl -w -MFile::Pid -e"File::Pid->new({ file => '/tmp/frobozz.pid' })->running();"

Second test case:

  echo >/tmp/frobozz.pid
  perl -w -MFile::Pid -e"File::Pid->new({ file => '/tmp/frobozz.pid' })->running();"

Third test case:

  echo >/tmp/frobozz.pid
  perl -Tw -MFile::Pid -e"File::Pid->new({ file => '/tmp/frobozz.pid' })->running();"

Actual results:

First test case:

  Use of uninitialized value $pid in chomp at /usr/share/perl5/File/Pid.pm line 175.
  Use of uninitialized value $pid in chomp at /usr/share/perl5/File/Pid.pm line 175.
  Use of uninitialized value $pid in kill at /usr/share/perl5/File/Pid.pm line 124.
  not running

Second test case:

  Argument "" isn't numeric in kill at /usr/share/perl5/File/Pid.pm line 124.
  not running

Third test case:

  Insecure dependency in kill while running with -T switch at /usr/share/perl5/File/Pid.pm line 124.

Expected results:

In all three cases, merely

  not running

Additional info:

Patch attached.  Regression tests are left as an exercise for the reader.

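One way to validate PID file contents before they reach kill(), covering the three cases in the report above. This is an added example, not the attached patch and not File::Pid's own code; the helper names `read_pid` and `running_checked` and the sample file contents are constructed for illustration.

```perl
use strict;
use warnings;
use File::Temp qw(tempfile);

# Hypothetical helper (not part of File::Pid): return the PID stored in
# $file, or undef if the file is unreadable, empty, or not a positive integer.
sub read_pid {
    my ($file) = @_;
    open(my $fh, '<', $file) or return;
    my $line = <$fh>;              # undef for a zero-length file (first case)
    close($fh);
    return unless defined $line;
    # Data read from a file is tainted under -T. Taking the value from a
    # capture group validates it and untaints it in one step (third case).
    return $line =~ /\A\s*([1-9][0-9]*)\s*\z/ ? $1 : undef;
}

# Hypothetical replacement for the running() check: kill() is only ever
# called with a validated, untainted PID.
sub running_checked {
    my ($file) = @_;
    my $pid = read_pid($file);
    return unless defined $pid;    # nothing usable in the file: not running
    return kill(0, $pid) ? $pid : undef;
}

# Constructed inputs mirroring the report's test cases, plus two controls.
my %samples = (
    'empty file (touch)'  => '',
    'newline only (echo)' => "\n",
    'non-numeric content' => "12abc\n",
    'own pid'             => "$$\n",
);

for my $name (sort keys %samples) {
    my ($fh, $path) = tempfile(UNLINK => 1);
    print {$fh} $samples{$name};
    close($fh);
    my $state = defined running_checked($path) ? 'running' : 'not running';
    printf "%-20s %s\n", $name, $state;
}
```

Run it with `perl -Tw` to confirm that no "uninitialized value", "isn't numeric" or "Insecure dependency" diagnostics are emitted for the malformed files.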