[Bug 1021422] New: Insufficient validation of PID file contents
bugzilla at redhat.com
Mon Oct 21 09:30:08 UTC 2013
https://bugzilla.redhat.com/show_bug.cgi?id=1021422
Bug ID: 1021422
Summary: Insufficient validation of PID file contents
Product: Fedora EPEL
Version: el6
Component: perl-File-Pid
Severity: low
Assignee: iarnell at gmail.com
Reporter: d.e.smorgrav at usit.uio.no
QA Contact: extras-qa at fedoraproject.org
CC: iarnell at gmail.com, perl-devel at lists.fedoraproject.org
External Bug ID: CPAN 89647
Created attachment 814502
--> https://bugzilla.redhat.com/attachment.cgi?id=814502&action=edit
Patch for Pid.pm and spec file
Description of problem:
File::Pid::running() passes undef as the PID argument to kill().
Version-Release number of selected component (if applicable):
1.01-2.el6.src.rpm
How reproducible:
100%
Steps to Reproduce:
First test case:
touch /tmp/frobozz.pid
perl -w -MFile::Pid -e"File::Pid->new({ file => '/tmp/frobozz.pid' })->running();"
Second test case:
echo >/tmp/frobozz.pid
perl -w -MFile::Pid -e"File::Pid->new({ file => '/tmp/frobozz.pid' })->running();"
Third test case:
echo >/tmp/frobozz.pid
perl -Tw -MFile::Pid -e"File::Pid->new({ file => '/tmp/frobozz.pid' })->running();"
Actual results:
First test case:
Use of uninitialized value $pid in chomp at /usr/share/perl5/File/Pid.pm line 175.
Use of uninitialized value $pid in chomp at /usr/share/perl5/File/Pid.pm line 175.
Use of uninitialized value $pid in kill at /usr/share/perl5/File/Pid.pm line 124.
not running
Second test case:
Argument "" isn't numeric in kill at /usr/share/perl5/File/Pid.pm line 124.
not running
Third test case:
Insecure dependency in kill while running with -T switch at /usr/share/perl5/File/Pid.pm line 124.
Expected results:
In all three cases, merely
not running
Additional info:
Patch attached. Regression tests are left as an exercise for the reader.
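One way to validate PID file contents before they reach kill(), shown as an added example: it is not the attached patch and not File::Pid's own code. The names read_pid_file and pid_running are hypothetical, and the sample file contents are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempfile);

# Hypothetical helper (not part of File::Pid): read a PID file and return
# a validated PID, or undef if the contents are not a plain positive integer.
sub read_pid_file {
    my ($path) = @_;
    open(my $fh, '<', $path) or return;
    my $line = <$fh>;
    close($fh);
    return unless defined $line;    # empty file, as in the first test case

    # Only a positive decimal integer is accepted. The regex capture also
    # untaints the value, so kill() does not die under -T. Rejecting 0 and
    # negative numbers matters because kill() treats those as process groups.
    return $line =~ /\A([1-9][0-9]*)\s*\z/ ? $1 : undef;
}

# Returns 1 if the PID file names a process we can signal, otherwise 0.
# kill() is never called with undef, an empty string, or tainted data.
sub pid_running {
    my ($path) = @_;
    my $pid = read_pid_file($path);
    return 0 unless defined $pid;
    return kill(0, $pid) ? 1 : 0;
}

# Constructed sample contents; the first two mirror the report's test cases,
# the last one is this script's own PID.
for my $content ('', "\n", "abc\n", "-1\n", "0\n", $$ . "\n") {
    my ($fh, $path) = tempfile(UNLINK => 1);
    print {$fh} $content;
    close($fh);
    (my $shown = $content) =~ s/\n/\\n/g;
    printf "%-10s => %s\n", "'$shown'",
        pid_running($path) ? 'running' : 'not running';
}
```

Every malformed input yields "not running" with no warnings, which is the behaviour the report lists under expected results.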