Hi,
Please find the latest report on new defect(s) introduced to libvirt found with Coverity
Scan.
1 new defect(s) introduced to libvirt found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build
analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)
** CID 405251: Security best practices violations (TOCTOU)
/src/util/virpidfile.c: 420 in virPidFileAcquirePathFull()
________________________________________________________________________________________________________
*** CID 405251: Security best practices violations (TOCTOU)
/src/util/virpidfile.c: 420 in virPidFileAcquirePathFull()
414 return -1;
415 }
416
417 /* Now make sure the pidfile we locked is the same
418 * one that now exists on the filesystem
419 */
>> CID 405251: Security best practices violations
(TOCTOU)
>> Calling function "stat" to perform check on "path".
420 if (stat(path, &a) < 0) {
421 VIR_DEBUG("Pid file '%s' disappeared: %s",
422 path, g_strerror(errno));
423 VIR_FORCE_CLOSE(fd);
424 /* Someone else must be racing with us, so try again */
425 continue;
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my...