[analyzer] Warn about the use of insecure, deprecated vfork() function PR11053 (http://llvm.org/bugs/show_bug.cgi?id=11053).

A patch by Graham Lee! llvm-svn: 141643
2011-10-11 04:34:54 +00:00 · 2011-10-11 04:34:54 +00:00 · fedf5dfc71
parent a697852386
commit fedf5dfc71
2 changed files with 33 additions and 0 deletions
--- a/clang/lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp
@ -70,6 +70,7 @@ public:
  void checkCall_strcat(const CallExpr *CE, const FunctionDecl *FD);
  void checkCall_rand(const CallExpr *CE, const FunctionDecl *FD);
  void checkCall_random(const CallExpr *CE, const FunctionDecl *FD);
+  void checkCall_vfork(const CallExpr *CE, const FunctionDecl *FD);
  void checkUncheckedReturnValue(CallExpr *CE);
 };
 } // end anonymous namespace
@ -116,6 +117,7 @@ void WalkAST::VisitCallExpr(CallExpr *CE) {
    .Case("rand", &WalkAST::checkCall_rand)
    .Case("rand_r", &WalkAST::checkCall_rand)
    .Case("random", &WalkAST::checkCall_random)
+    .Case("vfork", &WalkAST::checkCall_vfork)
    .Default(NULL);

  // If the callee isn't defined, it is not of security concern.
@ -518,6 +520,26 @@ void WalkAST::checkCall_random(const CallExpr *CE, const FunctionDecl *FD) {
                     "instead", CELoc, &R, 1);
 }

+//===----------------------------------------------------------------------===//
+// Check: 'vfork' should not be used.
+// POS33-C: Do not use vfork().
+//===----------------------------------------------------------------------===//
+
+void WalkAST::checkCall_vfork(const CallExpr *CE, const FunctionDecl *FD) {
+  // All calls to vfork() are insecure, issue a warning.
+  SourceRange R = CE->getCallee()->getSourceRange();
+  PathDiagnosticLocation CELoc =
+    PathDiagnosticLocation::createBegin(CE, BR.getSourceManager(), AC);
+  BR.EmitBasicReport("Potential insecure implementation-specific behavior in "
+                     "call 'vfork'",
+                     "Security",
+                     "Call to function 'vfork' is insecure as it can lead to "
+                     "denial of service situations in the parent process. "
+                     "Replace calls to vfork with calls to the safer "
+                     "'posix_spawn' function",
+                     CELoc, &R, 1);
+}
+
 //===----------------------------------------------------------------------===//
 // Check: Should check whether privileges are dropped successfully.
 // Originally: <rdar://problem/6337132>
--- a/clang/test/Analysis/security-syntax-checks.m
+++ b/clang/test/Analysis/security-syntax-checks.m
@ -164,3 +164,14 @@ void test_strcat() {

  strcat(x, y); //expected-warning{{Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strncat'. CWE-119.}}
 }
+
+//===----------------------------------------------------------------------===
+// vfork()
+//===----------------------------------------------------------------------===
+typedef int __int32_t;
+typedef __int32_t pid_t;
+pid_t vfork(void);
+
+void test_vfork() {
+  vfork(); //expected-warning{{Call to function 'vfork' is insecure as it can lead to denial of service situations in the parent process.}}
+}