C++: Only the second indirection of the argument should be the remote flow source.

2026-04-21 06:55:31 +02:00 · 2023-11-02 16:51:24 +00:00
parent b82dfa9a21
commit 392b2af923
2 changed files with 1 additions and 3 deletions
--- a/cpp/ql/lib/semmle/code/cpp/models/implementations/Inet.qll
+++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/Inet.qll
@@ -157,7 +157,7 @@ private class Getaddrinfo extends TaintFunction, ArrayFunction, RemoteFlowSource
  override predicate hasArrayWithNullTerminator(int bufParam) { bufParam in [0, 1] }

  override predicate hasRemoteFlowSource(FunctionOutput output, string description) {
-    output.isParameterDeref(3) and
+    output.isParameterDeref(3, 2) and
    description = "address returned by " + this.getName()
  }
 }
--- a/cpp/ql/test/library-tests/dataflow/source-sink-tests/remote-flow.expected
+++ b/cpp/ql/test/library-tests/dataflow/source-sink-tests/remote-flow.expected
@@ -1,4 +1,2 @@
 testFailures
-| sources-and-sinks.cpp:51:52:51:55 | getaddrinfo output argument | Unexpected result: remote_source=51:52 |
-| sources-and-sinks.cpp:51:59:51:76 | // $ remote_source | Missing result:remote_source= |
 failures