Bug 1021422
Summary: | Insufficient validation of PID file contents | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora EPEL | Reporter: | Dag-Erling Smørgrav <d.e.smorgrav> | ||||
Component: | perl-File-Pid | Assignee: | Iain Arnell <iarnell> | ||||
Status: | CLOSED EOL | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | low | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | el6 | CC: | iarnell, perl-devel | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | All | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2020-11-30 15:01:21 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
This message is a reminder that EPEL 6 is nearing its end of life. Fedora will stop maintaining and issuing updates for EPEL 6 on 2020-11-30. It is our policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a 'version' of 'el6'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later EPEL version. Thank you for reporting this issue and we are sorry that we were not able to fix it before EPEL 6 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. EPEL el6 changed to end-of-life (EOL) status on 2020-11-30. EPEL el6 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of EPEL please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed. |
Created attachment 814502 [details] Patch for Pid.pm and spec file Description of problem: File::Pid::running() passes undef as the PID argument to kill(). Version-Release number of selected component (if applicable): 1.01-2.el6.src.rpm How reproducible: 100% Steps to Reproduce: First test case: touch /tmp/frobozz.pid perl -w -MFile::Pid -e"File::Pid->new({ file => '/tmp/frobozz.pid' })->running();" Second test case: echo >/tmp/frobozz.pid perl -w -MFile::Pid -e"File::Pid->new({ file => '/tmp/frobozz.pid' })->running();" Third test case: echo >/tmp/frobozz.pid perl -Tw -MFile::Pid -e"File::Pid->new({ file => '/tmp/frobozz.pid' })->running();" Actual results: First test case: Use of uninitialized value $pid in chomp at /usr/share/perl5/File/Pid.pm line 175. Use of uninitialized value $pid in chomp at /usr/share/perl5/File/Pid.pm line 175. Use of uninitialized value $pid in kill at /usr/share/perl5/File/Pid.pm line 124. not running Second test case: Argument "" isn't numeric in kill at /usr/share/perl5/File/Pid.pm line 124. not running Third test case: Insecure dependency in kill while running with -T switch at /usr/share/perl5/File/Pid.pm line 124. Expected results: In all three cases, merely not running Additional info: Patch attached. Regression tests are left as an exercise for the reader.