Bug 1021422

Summary: Insufficient validation of PID file contents
Product: [Fedora] Fedora EPEL
Reporter: Dag-Erling Smørgrav <d.e.smorgrav>
Component: perl-File-Pid
Assignee: Iain Arnell <iarnell>
Status: CLOSED EOL
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low
Priority: unspecified
Version: el6
CC: iarnell, perl-devel
Hardware: All
OS: All
Doc Type: Bug Fix
Last Closed: 2020-11-30 15:01:21 UTC
Type: Bug
Attachments: Patch for Pid.pm and spec file

Description Dag-Erling Smørgrav 2013-10-21 09:30:08 UTC
Created attachment 814502
Patch for Pid.pm and spec file

Description of problem:

File::Pid::running() passes undef as the PID argument to kill().

Version-Release number of selected component (if applicable):

1.01-2.el6.src.rpm

How reproducible:

100%

Steps to Reproduce:

First test case:

  touch /tmp/frobozz.pid
  perl -w -MFile::Pid -e"File::Pid->new({ file => '/tmp/frobozz.pid' })->running();"

Second test case:

  echo >/tmp/frobozz.pid
  perl -w -MFile::Pid -e"File::Pid->new({ file => '/tmp/frobozz.pid' })->running();"

Third test case:

  echo >/tmp/frobozz.pid
  perl -Tw -MFile::Pid -e"File::Pid->new({ file => '/tmp/frobozz.pid' })->running();"

Actual results:

First test case:

  Use of uninitialized value $pid in chomp at /usr/share/perl5/File/Pid.pm line 175.
  Use of uninitialized value $pid in chomp at /usr/share/perl5/File/Pid.pm line 175.
  Use of uninitialized value $pid in kill at /usr/share/perl5/File/Pid.pm line 124.
  not running

Second test case:

  Argument "" isn't numeric in kill at /usr/share/perl5/File/Pid.pm line 124.
  not running

Third test case:

  Insecure dependency in kill while running with -T switch at /usr/share/perl5/File/Pid.pm line 124.

Expected results:

In all three cases, merely

  not running

Additional info:

Patch attached.  Regression tests are left as an exercise for the reader.
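
A sketch of the validation the report asks for, added here as an example; it is not the attached patch or File::Pid's own code, and read_pid_file and pid_file_running are hypothetical helper names. It goes beyond the three reported cases by also rejecting non-numeric, zero and negative contents; the sample PID-file contents are constructed.

```perl
use strict;
use warnings;
use Errno qw(EPERM);
use File::Temp qw(tempfile);

# Hypothetical helper (not File::Pid's API): return a validated, untainted
# PID read from $path, or undef if the file is missing, empty or malformed.
sub read_pid_file {
    my ($path) = @_;
    open(my $fh, '<', $path) or return;
    my $line = <$fh>;
    close($fh);
    return unless defined $line;        # zero-length file (first test case)
    # Accept only a positive decimal integer of at most 9 digits, so the
    # value fits a 32-bit pid_t. The capture also untaints it, which kill()
    # requires when running under -T (third test case).
    return unless $line =~ /\A\s*([1-9][0-9]{0,8})\s*\z/;
    return $1;
}

# Hypothetical helper: true if a process with the PID stored in $path exists.
sub pid_file_running {
    my ($path) = @_;
    my $pid = read_pid_file($path);
    return 0 unless defined $pid;       # never hand unvalidated data to kill()
    return 1 if kill(0, $pid);          # signal 0: existence check, nothing sent
    return $! == EPERM ? 1 : 0;         # process exists but belongs to another user
}

# Constructed sample contents: the report's cases plus other malformed input.
my @cases = (
    [ 'empty file',   ''      ],
    [ 'newline only', "\n"    ],
    [ 'non-numeric',  "abc\n" ],
    [ 'negative',     "-1\n"  ],
    [ 'zero',         "0\n"   ],
    [ 'own pid',      "$$\n"  ],
);
for my $case (@cases) {
    my ($name, $content) = @$case;
    my ($fh, $path) = tempfile(UNLINK => 1);
    print {$fh} $content;
    close($fh);
    printf "%-13s %s\n", $name, pid_file_running($path) ? 'running' : 'not running';
}
```

Running the script with perl -T -w exercises the same taint and warning checks as the report's test cases.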

Comment 1 Ben Cotton 2020-11-05 16:50:33 UTC
This message is a reminder that EPEL 6 is nearing its end of life. Fedora will stop maintaining and issuing updates for EPEL 6 on 2020-11-30. It is our policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a 'version' of 'el6'.

Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later EPEL version.

Thank you for reporting this issue and we are sorry that we were not able to fix it before EPEL 6 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged to change the 'version' to a later Fedora version prior to this bug being closed as described in the policy above.

Comment 2 Ben Cotton 2020-11-30 15:01:21 UTC
EPEL el6 changed to end-of-life (EOL) status on 2020-11-30. EPEL el6 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
EPEL please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.