Project

General

Profile

Actions
Copy link

Bug #309

closed

Mitigate dangerous macros: util-mem.h, decode.h, suricata.h, stream-tcp.c

Added by Mike Pomraning about 13 years ago. Updated about 13 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
-
Affected Versions:
Effort:
Difficulty:
Label:

Description

The attached patches address several unsafe or broken macros in 1.1beta2 (rev 2f2eb72)

  1. SCStrdup with -DDBG_MEM_ALLOC broken/unsafe: references a "len" variable not in private scope
  2. Several macro replacement lists are not parenthesized
  3. Many, many macro parameters are not parenthesized when referenced
  4. Some statement-style macros were not do/while(0) idioms, and so could not be used anywhere a statement could

No. 2 is of course a problem when we 

#define FOO  default_packet_size - 1
and later compute 
FOO * 5
.

No. 3 are especially dangerous breakages waiting to happen, and are what the CERT C Secure Coding Standard calls PRE01-C. Example:

#define SCCalloc(nm, a) \
  ... \
  global_mem += a*nm \   <-- wrong for SCCalloc(1024, 2 + 0)
  ... \

And similarly for pointer dereferences in macros, etc. In all, these patches bring some macros in line with the better-written macros in Suricata.

Files

Download all files
suricata-1.1beta2-2f2eb72-MACRO-SAFE.patch (14.1 KB) suricata-1.1beta2-2f2eb72-MACRO-SAFE.patch Make certain macros safer, more stable Mike Pomraning, 08/04/2011 10:51 PM
suricata-1.1beta2-fcac26e-revised-macro-parens.patch (17.9 KB) suricata-1.1beta2-fcac26e-revised-macro-parens.patch Mike Pomraning, 08/06/2011 08:03 AM
0001-Safer-macro-parenthesization-and-do-while-use.patch (17.7 KB) 0001-Safer-macro-parenthesization-and-do-while-use.patch Macro paren safety patch Mike Pomraning, 09/18/2011 11:31 PM
Actions
Copy link

Also available in: Atom PDF