Potential error due to the unreleased lock #1037
|
Thanks @anson-lo ! Just curious: how did you find this by the way? Just reading the code or you did some automated analysis? |
|
Thanks @anson-lo . You're right, this looks like a bug. Would you like to submit the patch yourself? Let us know and that'd be awesome. Otherwise, we can fix it. Thanks for catching this and reporting |
|
@johnbent It is reported by a static code scanner. |
|
Thanks, @anson-lo Which static code scanner? |
Nilesh, It's reported in Codacy |
|
@nileshgovande We use Pinpoint, a static analysis tool similar to Codacy. |
|
No @mukul-seagate11 - it's not. We will check on Pinpoint @anson-lo |
|
PR - #1041 |
|
Changes merged to main |
|
@nileshgovande Hi, would this bug cause any security issues like deadlock due to acquiring the same lock? |
|
FYI @swanand-gadre . This is an interesting issue where a community member used a different static analysis tool and found an issue in our S3 code. Just something you might be interested in. |
|
Thanks @johnbent for looping me in. A similar condition is described as a weakness here -> https://cwe.mitre.org/data/definitions/401.html. Since the memory lock is not released in a specific condition, it leads to not sufficiently tracking and releasing allocated memory after it has been used, which slowly consumes remaining memory. It impacts availability (reduced performance; the article also mentions a potential DoS attack). I see that the specific condition is now fixed with pool->lock released with pthread_mutex_unlock(&pool->lock); however, do we need to also add similar code in if (handle == NULL) {? Or will it not have pool->lock if handle is NULL? Regards |
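The failure mode discussed in this thread, as an added illustration that is not cortx-s3server's code: a hypothetical, simplified pool whose destroy routine returns from an error branch while still holding the mutex, the fixed shape in which every exit path unlocks, and a trylock-based check that reports whether a call left the lock held. The struct layout, function names and the `handle_is_null` flag are assumptions made for the example.

```c
#include <errno.h>
#include <pthread.h>
#include <stdio.h>

/* Hypothetical pool layout for illustration; not the cortx-s3server struct. */
struct pool {
  pthread_mutex_t lock;
  int destroyed;
};

/* Buggy shape: the error branch returns with the mutex still held, so later callers block. */
int pool_destroy_buggy(struct pool *p, int handle_is_null) {
  pthread_mutex_lock(&p->lock);
  if (handle_is_null) {
    return -1;                      /* leaked: no unlock on this path */
  }
  p->destroyed = 1;
  pthread_mutex_unlock(&p->lock);
  return 0;
}

/* Fixed shape: a single exit point releases the lock on every path. */
int pool_destroy_fixed(struct pool *p, int handle_is_null) {
  int rc = 0;
  pthread_mutex_lock(&p->lock);
  if (handle_is_null) {
    rc = -1;
    goto out;
  }
  p->destroyed = 1;
out:
  pthread_mutex_unlock(&p->lock);
  return rc;
}

/* Run one destroy variant; trylock on a default (non-recursive) mutex returns EBUSY if still held. */
int lock_leaked_after(int (*destroy)(struct pool *, int), int handle_is_null) {
  struct pool p = { PTHREAD_MUTEX_INITIALIZER, 0 };
  destroy(&p, handle_is_null);
  int leaked = (pthread_mutex_trylock(&p.lock) == EBUSY);
  pthread_mutex_unlock(&p.lock);  /* this thread owns it either way; release before destroy */
  pthread_mutex_destroy(&p.lock);
  return leaked;
}

int main(void) {
  printf("buggy, error path: leaked=%d\n", lock_leaked_after(pool_destroy_buggy, 1));
  printf("fixed, error path: leaked=%d\n", lock_leaked_after(pool_destroy_fixed, 1));
  return 0;
}
```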
|
Could we apply for a CVE ID for this issue? (Similar to CVE-2014-3657, CVE-2015-8340, CVE-2020-12771.) Thanks so much. |
|
Hey @swanand-gadre , do you have an answer for @anson-lo ? |
|
Hi @anson-lo Thank you for your interest. Is there any POC or end-user scenario available where this condition is hit and shows evidence of impact? |
|
Unfortunately, I don't have a PoC, nor did I find it by concretely triggering this bug. |
|
@anson-lo , those other CVE IDs that you see are automatically created by the Whitesource bot. It would be really cool if your tool is finding vulnerabilities that Whitesource is missing! |
|
Hi @anson-lo To further investigate, I went through the following link to check the details required to create a CVE: https://www.kb.cert.org/vuls/report/ Along with some other details, it asks for "How does an attacker exploit this vulnerability? (Explain access or other conditions necessary to attack.)" Also I wanted to check about the tool you mentioned you are using. Perhaps we can quickly connect so that I can understand the work you are doing? Let me know. Regards |
|
@swanand-gadre Thanks so much! How does an attacker exploit this vulnerability? What does an attacker gain by exploiting this vulnerability? The tool I am working |
|
Hi @anson-lo Does the same fix apply to if (handle == NULL) {? Do you want to try raising it with https://cve.mitre.org/cve/request_id.html Regards |
|
@swanand-gadre Hi, it seems it is more difficult for individuals to request this without assistance from developers. I tried before but got no reply. Could you please raise it? |
|
Hi @anson-lo In my opinion, since your tool uncovered it, it is appropriate that you raise the request for a CVE ID. However, I am requesting you to take the initial step. Also I wanted to know your feedback: does the same fix apply to if (handle == NULL) {? Regards |
|
@swanand-gadre Thanks, I would take an initial step.
cortx-s3server/mempool/s3_memory_pool.c, lines 529 to 540 in d684426
From my view, applying to |
|
Hi @anson-lo Any further updates ? Regards |
|
@swanand-gadre Hi, I have submitted my CVE application form but haven't received any notifications so far. |
|
@anson-lo , by the way, this has been fixed now in the code. So should we still file for the CVE? |
|
OK, thanks for your time and help |
Dear developers:
Thank you for your checking. In the method mempool_destroy, the lock &pool->lock may not be released if the branch condition is satisfied and the method returns.
cortx-s3server/mempool/s3_memory_pool.c, line 539 in d684426
cortx-s3server/mempool/s3_memory_pool.c, line 543 in d684426
Best,