CPP: Add a test of NtohlArrayNoBoundOpenSource.ql.

Geoffrey White
2019-11-05 17:05:38 +00:00
parent 1fe5a9e7e7
commit f9feb05a72
3 changed files with 109 additions and 0 deletions


@@ -0,0 +1,8 @@
| test.cpp:12:25:12:29 | call to ntohl | Unchecked use of data from network function $@ | test.cpp:12:25:12:29 | call to ntohl | call to ntohl |
| test.cpp:21:26:21:29 | len2 | Unchecked use of data from network function $@ | test.cpp:10:16:10:20 | call to ntohl | call to ntohl |
| test.cpp:31:26:31:29 | len2 | Unchecked use of data from network function $@ | test.cpp:10:16:10:20 | call to ntohl | call to ntohl |
| test.cpp:61:26:61:29 | len2 | Unchecked use of data from network function $@ | test.cpp:10:16:10:20 | call to ntohl | call to ntohl |
| test.cpp:64:9:64:12 | len2 | Unchecked use of data from network function $@ | test.cpp:10:16:10:20 | call to ntohl | call to ntohl |
| test.cpp:73:10:73:13 | lens | Unchecked use of data from network function $@ | test.cpp:10:16:10:20 | call to ntohl | call to ntohl |
| test.cpp:86:10:86:13 | len3 | Unchecked use of data from network function $@ | test.cpp:85:10:85:14 | call to ntohl | call to ntohl |
| test.cpp:94:9:94:11 | len | Unchecked use of data from network function $@ | test.cpp:99:8:99:12 | call to ntohl | call to ntohl |


@@ -0,0 +1 @@
Likely Bugs/Memory Management/Buffer Overflow/NtohlArrayNoBoundOpenSource.ql


@@ -0,0 +1,100 @@
typedef unsigned int size_t;
void *memcpy(void *s1, const void *s2, size_t n);
size_t strlen(const char *s);
int ntohl(int x);
void test1(const char *source, size_t len)
{
char buffer[256];
size_t len2 = ntohl(len);
memcpy(buffer, source, ntohl(len)); // BAD
if (len2 < 256)
{
memcpy(buffer, source, len2); // GOOD
}
if (source != 0)
{
memcpy(buffer, source, len2); // BAD
}
if ((len2 < 256) && (source != 0))
{
memcpy(buffer, source, len2); // GOOD
}
if ((len2 < 256) || (source != 0))
{
memcpy(buffer, source, len2); // BAD
}
if (len2 < 256)
{
if (source != 0)
{
memcpy(buffer, source, len2); // GOOD
}
}
if (len2 >= 256)
{
// fail
} else {
memcpy(buffer, source, len2); // GOOD
}
if (len2 + 1 < 256)
{
memcpy(buffer, source, len2 + 1); // GOOD
}
if (strlen(source) < 256)
{
memcpy(buffer, source, strlen(source)); // GOOD
}
if (strlen(source) < 256)
{
memcpy(buffer, source, len2); // BAD
}
buffer[len2] = 0; // BAD
if (len2 < 256)
{
buffer[len2] = 0; // GOOD
}
{
unsigned short lens = len2;
buffer[lens] = 0; // BAD
}
if (len2 < 256)
{
unsigned short lens = len2;
buffer[lens] = 0; // GOOD
}
size_t len3 = 0;
if (len3 < 256)
{
len3 = ntohl(len);
buffer[len3] = 0; // BAD
}
}
void test2(size_t len)
{
char buffer[256];
buffer[len] = 0; // BAD
}
void test3(size_t len)
{
test2(ntohl(len));
}
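Review bot: Every guarded case in test1 uses the exact bound `len2 < 256`, so the test never records what the query does when a check is present but too loose for `char buffer[256]`. A case such as `if (len2 <= 256) { buffer[len2] = 0; }` (off by one) would pin that down; mark it `// BAD`, with a note if the query is not expected to report it. The stub `int ntohl(int x)` also returns a signed value, yet only `size_t` and `unsigned short` locals are exercised, so a signed local guarded by `< 256` is not covered; a negative value would pass that check and become a very large size when passed to `memcpy`. Whether the query should flag either pattern is a design decision, but having both in the .expected file would document the current behaviour.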