Coverity analysis defect 123308: Untrusted loop bound

XMLWordPrintableJSON

    • Type: Bug
    • Resolution: Won't Fix
    • Priority: Major - P3
    • None
    • Affects Version/s: None
    • Component/s: None
    • Service Arch
    • ALL
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      Untrusted loop bound

      An attacker could control the number of times the loop iterates. An unscrutinized value from an untrusted source used as a loop bound
      /src/mongo/transport/transport_layer_asio.cpp:990: TAINTED_SCALAR 123308 Calling function "operator >>" taints argument "val". [Note: The source code implementation of the function has been overridden by a builtin model.]
      /src/mongo/transport/transport_layer_asio.cpp:997: TAINTED_SCALAR 123308 Assigning: "wantval" = "val". Both are now tainted.
      /src/mongo/transport/transport_layer_asio.cpp:1006: TAINTED_SCALAR 123308 Checking lower bounds of signed scalar "wantval" by taking the true branch of "wantval > 9L".

        1. image-2022-07-25-15-43-12-745.png
          image-2022-07-25-15-43-12-745.png
          111 kB

            Assignee:
            [DO NOT USE] Backlog - Service Architecture
            Reporter:
            Coverity Collector User
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: