Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CPP: Add query for CWE-675: Duplicate Operations on Resource #6588

Merged
merged 5 commits into from Sep 15, 2021
Merged

CPP: Add query for CWE-675: Duplicate Operations on Resource #6588

merged 5 commits into from Sep 15, 2021
+268 −0

Conversation

ihsinme
Copy link
Contributor

@ihsinme ihsinme commented Sep 2, 2021

double release of descriptors can lead to an abnormal program termination.
when making a request to double free memory, I skipped the specified impact vector.
however, the situation described in CVE-2019-13351 suggests the need for such a request.

actual PR
bloomberg/comdb2#2940

@ihsinme ihsinme requested a review from as a code owner Sep 2, 2021
geoffw0
geoffw0 reviewed Sep 3, 2021
View changes
Copy link
Contributor

@geoffw0 geoffw0 left a comment

This looks like a useful query, but the code is a little difficult to understand at the moment.

cpp/ql/src/experimental/Security/CWE/CWE-675/DoubleRelease.qhelp Outdated Show resolved Hide resolved
cpp/ql/src/experimental/Security/CWE/CWE-675/DoubleRelease.ql Show resolved Hide resolved
cpp/ql/src/experimental/Security/CWE/CWE-675/DoubleRelease.ql

/** Holds if the first arguments of the two functions are similar. */
predicate similarArguments(FunctionCall fc, FunctionCall fc1) {
globalValueNumber(fc.getArgument(0)) = globalValueNumber(fc1.getArgument(0))
Copy link
Contributor

@geoffw0 geoffw0 Sep 3, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This simple case looks good to me. How often do the other two cases (below) help?

Copy link
Contributor Author

@ihsinme ihsinme Sep 5, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

all situations were detected on my tests. I would like to leave these cases, also because they provide cve detection.

cpp/ql/src/experimental/Security/CWE/CWE-675/DoubleRelease.ql Show resolved Hide resolved
cpp/ql/src/experimental/Security/CWE/CWE-675/DoubleRelease.ql Outdated Show resolved Hide resolved
@ihsinme @geoffw0
Update cpp/ql/src/experimental/Security/CWE/CWE-675/DoubleRelease.qhelp
8b0d5a2 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
@ihsinme ihsinme mentioned this pull request Sep 5, 2021
Closed
1 task
@geoffw0
Copy link
Contributor

@geoffw0 geoffw0 commented Sep 13, 2021

Results look good to me.

There may well be a performance issue with this query, but in my opinion we don't need to worry about that before merging into experimental.

geoffw0
geoffw0 approved these changes Sep 15, 2021
View changes
Copy link
Contributor

@geoffw0 geoffw0 left a comment

Tests passed, merging...

@geoffw0 geoffw0 merged commit c4714b5 into github:main Sep 15, 2021
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@geoffw0 geoffw0

Assignees
No one assigned
Labels
C++ documentation
Projects
None yet
Milestone
No milestone
Linked issues

Successfully merging this pull request may close these issues.

None yet
2 participants
@ihsinme @geoffw0