User's Manual
Example 62 Enabling compile time diagnostic messages for potential security vulnerabilities
#include <stdio.h>
#include <stdlib.h>

char* get_path()
{
    return getenv("BLAHBLAH");
}

int main()
{
    char* path = get_path(); // line 11

    FILE* my_pipe = popen(path, "r"); // line 13
    printf("%p\n", my_pipe);
}
In this case, cadvise generates the following error:
"popen.c", line 13, procedure main: warning #20116-D: (SECURITY) Tainted
value may be used as path or file name
++ tainted value is returned from 'get_path' called by 'main' at line 11
in file popen.c
For example, see the unsafe loop exit condition in the following code and the warning generated.
#include <stdio.h>
int a[100];
int loop(int i)
{
    for (int j = 0; j < i; j++) // line 5
        a[j] = 0;
    return a[0];
}

int main()
{
    int i;
    fread(&i, 1, 4, stdin); // i is tainted: it is read directly from stdin
    loop(i);
}
In this case, cadvise generates the following error:
"loop1.c", line 5, procedure loop: warning #20114-D: (SECURITY) Tainted value
may be used in loop exit condition computation
++ 'loop' is called by 'main' at line 14 in file loop1.c
++++ Tainted value is obtained from 'main'
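A hardened form of the two flagged examples above, added here as an illustration (not code from the manual or from cadvise): the environment value is matched against an allowlist before popen(), and the count read from stdin is range-checked before it bounds the loop. The names checked_command, clear_prefix and allowed_cmds and the two command paths are assumptions constructed for this example.

```c
#define _POSIX_C_SOURCE 200809L  /* popen()/pclose() are POSIX, not ISO C */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define A_LEN 100
static int a[A_LEN];

/* Constructed allowlist (assumption): the only commands popen() may run. */
static const char *const allowed_cmds[] = { "/usr/bin/uptime", "/usr/bin/id" };

/* Return the matching allowlist entry, or NULL. Returning the constant rather
 * than the input means the popen() argument never comes from the environment. */
const char *checked_command(const char *tainted)
{
    if (tainted == NULL)
        return NULL;
    for (size_t k = 0; k < sizeof allowed_cmds / sizeof allowed_cmds[0]; k++)
        if (strcmp(tainted, allowed_cmds[k]) == 0)
            return allowed_cmds[k];
    return NULL;
}

/* Zero the first n elements of a[]. Counts outside 0..A_LEN are rejected, so
 * a tainted n cannot drive the loop past the array. Returns 0, or -1. */
int clear_prefix(long n)
{
    if (n < 0 || n > A_LEN)
        return -1;
    for (long j = 0; j < n; j++)
        a[j] = 0;
    return 0;
}

int main(void)
{
    const char *cmd = checked_command(getenv("BLAHBLAH"));
    FILE *my_pipe = cmd ? popen(cmd, "r") : NULL;
    if (my_pipe != NULL)
        pclose(my_pipe);

    int i;
    /* Use i only if all sizeof i bytes were actually read. */
    if (fread(&i, sizeof i, 1, stdin) == 1 && clear_prefix(i) != 0)
        fprintf(stderr, "rejected element count %d\n", i);
    return 0;
}
```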
8.6 Detecting multi-threaded programming issues
The +wlock option detects multi-threaded programming issues and enables diagnostics for potential
errors in using lock/unlock calls in multi-threaded programs that use the pthread library.
The problems detected include acquiring an already acquired lock, releasing an already released
lock, and unconditionally releasing a lock that has been conditionally acquired. For example,
cadvise detects a potential locking error in the following code: