HP UX Web Development Tools manual Detecting multi-threaded programming issues

Example 62 Enabling compile time diagnostic messages for potential security vulnerabilities

#include <stdio.h> #include <stdlib.h> char* get_path()

{

return getenv("BLAHBLAH");

}

int main()

{

char* path = get_path(); // line 11

FILE* my_pipe = popen(path, "r"); // line 13 printf ("%p\n", my_pipe);

}

In this case, cadvise generates the following error:

"popen.c", line 13, procedure main: warning #20116-D: (SECURITY) Tainted value may be used as path or file name

++tainted value is returned from 'get_path' called by 'main' at line 11 in file popen.c

For example, see the unsafe loop exit condition in the following code and the warning generated.

int a[100]; int loop(int i)

{

for (int j = 0 ; j < i; j++) // line 5 a[j] = 0;

return a[0];

}

int main()

{

int i;

fread(&i, 1,4,stdin); loop(i);

}

In this case, cadvise generates the following error:

"loop1.c", line 5, procedure loop: warning #20114-D: (SECURITY) Tainted value may be used in loop exit condition computation

++'loop' is called by 'main' at line 14 in file loop1.c

++++ Tainted value is obtained from 'main'

8.6Detecting multi-threaded programming issues

The +wlock option detects multi-threaded programming issues and enables diagnostics for potential errors in using lock/unlock calls in multi-threaded programs that use the pthread library.

The problems detected include acquiring an already acquired lock, releasing an already released lock and unconditionally releasing a lock which has been conditionally acquired. For example, cadvise detects a potential locking error in the following code:

8.6 Detecting multi-threaded programming issues 53