root/check_sec.sh

Revision 4640:a115f3ac3b62, 1.2 kB (checked in by Rocco Rutte <pdmef@…>, 2 years ago)

Avoid safe_free() usage and add security checks

Add checks to check_sec.sh for memory functions.

These include a check for use of safe_free() instead of FREE() and a
check whether FREE(&...) is used.

For the former, SAFE_FREE_CHECKED is to be used, for the latter
FREE_CHECKED to avoid messages from check_sec.sh
  • Property exe set to *
Line 
1#!/bin/sh --
2
3#
4# grep for some things which may look like security problems.
5#
6
7TMPFILE="`mktemp check_sec.tmp.XXXXXX`" || exit 1
8
9RV=0;
10
11do_check_files ()
12{
13        pattern="$1" ; shift
14        magic="$1" ; shift
15        msg="$1" ; shift
16        egrep -n "$pattern" "$@"                | \
17                grep -v '^[^     ]*:[^  ]*#'    | \
18                fgrep -v "$magic" > $TMPFILE
19
20        test -s $TMPFILE && {
21                echo "$msg" ;
22                cat $TMPFILE;
23                rm -f $TMPFILE;
24                RV=1;
25        }
26}
27
28do_check ()
29{
30        do_check_files "$1" "$2" "$3" `find . -path ./intl -prune -o -name '*.c' -print`
31}
32
33do_check '\<fopen.*'\"'.*w' __FOPEN_CHECKED__ "Alert: Unchecked fopen calls."
34do_check '\<(mutt_)?strcpy' __STRCPY_CHECKED__ "Alert: Unchecked strcpy calls."
35do_check '\<strcat' __STRCAT_CHECKED__ "Alert: Unchecked strcat calls."
36do_check '\<sprintf.*%s' __SPRINTF_CHECKED__ "Alert: Unchecked sprintf calls."
37do_check '\<strncat' __STRNCAT_CHECKED__ "You probably meant safe_strcat here."
38do_check '\<safe_free' __SAFE_FREE_CHECKED__ "You probably meant FREE here."
39do_check '\<FREE[ ]?\([^&]' __FREE_CHECKED__ "You probably meant FREE(&...) here."
40
41# don't do this check on others' code.
42do_check_files '\<(malloc|realloc|free|strdup)[         ]*\(' __MEM_CHECKED__ "Alert: Use of traditional memory management calls." \
43        *.c imap/*.c
44
45rm -f $TMPFILE
46exit $RV
Note: See TracBrowser for help on using the browser.