[SERVER-68235] Coverity analysis defect 123308: Untrusted loop bound

Created: 22/Jul/22 | Updated: 05/Dec/22 | Resolved: 01/Aug/22

| Field | Value |
| --- | --- |
| Status | Closed |
| Project | Core Server |
| Component/s | None |
| Affects Version/s | None |
| Fix Version/s | None |
| Type | Bug |
| Priority | Major - P3 |
| Reporter | Coverity Collector User |
| Assignee | Backlog - Service Architecture |
| Resolution | Won't Fix |
| Votes | 0 |
| Labels | coverity |
| Remaining Estimate | Not Specified |
| Time Spent | Not Specified |
| Original Estimate | Not Specified |
| Attachments | |
| Assigned Teams | Service Arch |
| Operating System | ALL |
| Participants | |

| Description |

Untrusted loop bound: an attacker could control the number of times the loop iterates. An unscrutinized value from an untrusted source is used as a loop bound.
| Comments |

| Comment by Jason Chan [ 01/Aug/22 ] |

Set to ignore in Coverity.

| Comment by Eric Milkie [ 25/Jul/22 ] |

Sadly, "Service Unavailable" is exactly the message that is displayed if you fail to authenticate to the Okta LDAP plugin before it times out.

| Comment by Billy Donahue [ 25/Jul/22 ] |

I'm not failing to authenticate. When I do authenticate, the Coverity server displays a page indicating that it is unavailable: "Service Unavailable". Anyway, this ticket is not a safety concern and we should close it.

| Comment by Eric Milkie [ 25/Jul/22 ] |

You have to have an Okta 2FA push method configured to log into Coverity (like the Okta Verify app), or else put your Okta 2FA six-digit code after your password, separated by a comma. I'm not sure how to untaint something like this and I can't find any help on Google. I guess we should just ignore this defect and close the ticket?

| Comment by Billy Donahue [ 25/Jul/22 ] |

I'll take your word for it since I can't log in to Coverity without throwing an internal server error. So yeah, it's the tainted integer controlling how many digits its string representation has.

| Comment by Eric Milkie [ 25/Jul/22 ] |

| Comment by Eric Milkie [ 25/Jul/22 ] |

If you click into the defect and click show-details, it will show you the loop:

| Comment by Billy Donahue [ 25/Jul/22 ] |

So the way to remove the taint is to add an assertion on the value, so it goes from being an unscrutinized value to a scrutinized value. I don't see a loop controlled by the tainted integer though?
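The thread turns on a distinction worth seeing in code: a digit-by-digit conversion loop is driven by an attacker-controlled integer but can only iterate as many times as the integer has digits, whereas a loop whose iteration count is the untrusted value itself really does need an explicit check. The following is an added example written for this page; it is not MongoDB's code, not the loop Coverity flagged in defect 123308, and all names (`toDecimal`, `repeatWork`, `kMaxRepeat`, `kMaxDigits64`) and limits are hypothetical. It shows the assertion-as-scrutiny pattern the last comment describes for the bounded loop, and an explicit application-chosen limit for the genuinely untrusted loop bound.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <string>

// Hypothetical example (not MongoDB code): the two loop shapes discussed in the
// ticket, one whose iteration count is inherently bounded and one that needs an
// explicit check before the untrusted value can drive it.

// A 64-bit unsigned value has at most 20 decimal digits (18446744073709551615).
constexpr std::size_t kMaxDigits64 = 20;

// Digit-by-digit conversion. The input may be attacker-controlled (what Coverity
// calls a tainted integer), but the loop runs once per decimal digit, so it can
// never iterate more than kMaxDigits64 times. The assertion is the "scrutiny"
// that turns the value from unscrutinized to scrutinized: it states the bound
// the loop actually has. The iteration count is also returned through
// `iterations` so a caller or test can observe the bound directly.
std::string toDecimal(std::uint64_t value, std::size_t* iterations = nullptr) {
    std::string out;
    std::size_t count = 0;
    do {
        out.insert(out.begin(), static_cast<char>('0' + value % 10));
        value /= 10;
        ++count;
        assert(count <= kMaxDigits64);  // holds for every possible input
    } while (value != 0);
    if (iterations != nullptr) {
        *iterations = count;
    }
    return out;
}

// Number of loop iterations toDecimal performs for `value`.
std::size_t digitLoopIterations(std::uint64_t value) {
    std::size_t n = 0;
    toDecimal(value, &n);
    return n;
}

// Contrast: here the untrusted value *is* the iteration count, so nothing bounds
// the work except the value itself. That is the pattern the Coverity checker is
// really about, and the remedy is an explicit limit chosen by the application
// (kMaxRepeat is a constructed value for this example) checked before the loop.
constexpr std::size_t kMaxRepeat = 1024;

std::size_t repeatWork(std::size_t untrustedCount) {
    if (untrustedCount > kMaxRepeat) {
        throw std::invalid_argument("repeat count exceeds kMaxRepeat");
    }
    std::size_t done = 0;
    for (std::size_t i = 0; i < untrustedCount; ++i) {
        ++done;  // stand-in for the per-iteration work
    }
    return done;
}

// True when repeatWork rejects the value, so the check is observable in a test.
bool repeatWorkRejects(std::size_t untrustedCount) {
    try {
        repeatWork(untrustedCount);
        return false;
    } catch (const std::invalid_argument&) {
        return true;
    }
}

int main() {
    std::size_t iters = 0;
    std::string s = toDecimal(UINT64_MAX, &iters);
    assert(s == "18446744073709551615" && iters == kMaxDigits64);
    assert(repeatWork(10) == 10);
    assert(repeatWorkRejects(kMaxRepeat + 1));
    return 0;
}
```

The point of the two halves: in `toDecimal` the attacker can pick the value but not escape the 20-iteration ceiling, which is why the ticket was closed as not a safety concern; in `repeatWork` the attacker picks the iteration count outright, and only the explicit comparison against `kMaxRepeat` (or an equivalent assertion or clamp) gives the analyzer, and the reviewer, a bound to reason about.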