[PATCH] libcsupport: Fix TOCTOU in getchark()

Gedare Bloom gedare at rtems.org
Wed Jul 28 16:23:43 UTC 2021 

On Wed, Jul 28, 2021 at 9:13 AM Joel Sherrill <joel at rtems.org> wrote:
>
> Is this a Coverity issue? Does it have a CID?
>
> I remembered TOCTOU as an acronym analysis reports used
> but had to look up the meaning. I don't know what to do so someone
> else would not have to look it up beyond explaining it in the long comment.
> It is missing what was checked and used that flagged the issue. That should
> definitely be added in the long comment.
>
The TOCTOU here is that a global variable is checked and then used,
and someone could modify it in between. The solution here is to copy
the global into a local variable before checking and using, so this is
better. (I can't comment whether it's from a CID, just my analysis
here.)

> On Wed, Jul 28, 2021 at 9:50 AM Sebastian Huber
> <sebastian.huber at embedded-brains.de> wrote:
> >
> > Fix format, add Doxygen comments, and reduce includes.
> > ---
> >  cpukit/libcsupport/src/getchark.c | 21 +++++++++++++--------
> >  1 file changed, 13 insertions(+), 8 deletions(-)
> >
> > diff --git a/cpukit/libcsupport/src/getchark.c b/cpukit/libcsupport/src/getchark.c
> > index 5a9afbda7a..cfe9c022d6 100644
> > --- a/cpukit/libcsupport/src/getchark.c
> > +++ b/cpukit/libcsupport/src/getchark.c
> > @@ -1,8 +1,9 @@
> >  /**
> > - *  @file
> > + * @file
> >   *
> > - *  @brief Get Character from Stdin
> > - *  @ingroup libcsupport
> > + * @ingroup BSPIO
> > + *
> > + * @brief This source file contains the implementation of getchark().
> >   */
> >
> >  /*
> > @@ -18,13 +19,17 @@
> >  #include "config.h"
> >  #endif
> >
> > -#include <rtems.h>
> >  #include <rtems/bspIo.h>
> >
> > -int getchark(void)
> > +int getchark( void )
> >  {
> > -  if ( BSP_poll_char )
> > -    return (*BSP_poll_char)();
> > +  BSP_polling_getchar_function_type poll_char;
> > +
> > +  poll_char = BSP_poll_char;
> > +
> > +  if ( poll_char == NULL ) {
> > +    return -1;
> > +  }
> >
> > -  return -1;
> > +  return ( *poll_char )();
> >  }
> > --
> > 2.26.2
> >
> > _______________________________________________
> > devel mailing list
> > devel at rtems.org
> > http://lists.rtems.org/mailman/listinfo/devel
> _______________________________________________
> devel mailing list
> devel at rtems.org
> http://lists.rtems.org/mailman/listinfo/devel

More information about the devel mailing list