
CPP: Add query for CWE-675: Duplicate Operations on Resource #6588


Merged
merged 5 commits into from
Sep 15, 2021

Contributor

@ihsinme ihsinme commented Sep 2, 2021

Double release of descriptors can lead to an abnormal program termination.
When making a request to double free memory, I skipped the specified impact vector.
However, the situation described in CVE-2019-13351 suggests the need for such a request.

actual PR
bloomberg/comdb2#2940
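
The double release of a descriptor described above, as an added C example (not part of this PR, the query, or the linked project): on POSIX the number freed by the first `close()` is handed out again by the next `open()`, so the duplicate `close()` releases a descriptor that other code owns. `close_once`, the other function names and `SAMPLE_PATH` are hypothetical names chosen for the illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

#define SAMPLE_PATH "/dev/null" /* constructed stand-in for any resource */

static int is_closed(int fd) { return fcntl(fd, F_GETFD) == -1 && errno == EBADF; }

/* Buggy pattern: an error path and the common cleanup both close fd.
 * Returns 1 if the second close() released a descriptor opened in between. */
int double_close_hits_other_fd(void)
{
    int fd = open(SAMPLE_PATH, O_RDONLY);
    if (fd < 0) return -1;
    close(fd);                               /* first release */
    int other = open(SAMPLE_PATH, O_RDONLY); /* unrelated code gets a descriptor */
    if (other < 0) return -1;
    close(fd);                               /* duplicate release */
    int hit = (other == fd) && is_closed(other);
    if (!hit) close(other);
    return hit;
}

/* Hypothetical helper: release once, then invalidate the handle. */
int close_once(int *fd)
{
    if (*fd < 0) return 0;                   /* already released: no-op */
    int rc = close(*fd);
    *fd = -1;
    return rc;
}

/* Same flow through close_once(); returns 1 if 'other' is still open. */
int guarded_close_spares_other_fd(void)
{
    int fd = open(SAMPLE_PATH, O_RDONLY);
    if (fd < 0) return -1;
    close_once(&fd);
    int other = open(SAMPLE_PATH, O_RDONLY);
    if (other < 0) return -1;
    close_once(&fd);                         /* fd is -1, nothing is closed */
    int alive = !is_closed(other);
    close(other);
    return alive;
}

int main(void)
{
    return !(double_close_hits_other_fd() == 1 && guarded_close_spares_other_fd() == 1);
}
```

In a multithreaded program the intervening `open()` typically comes from another thread, which is why the effect of a duplicate release depends on timing.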

@ihsinme ihsinme requested a review from a team as a code owner September 2, 2021 07:24
Contributor

@geoffw0 geoffw0 left a comment


This looks like a useful query, but the code is a little difficult to understand at the moment.


/** Holds if the first arguments of the two functions are similar. */
predicate similarArguments(FunctionCall fc, FunctionCall fc1) {
globalValueNumber(fc.getArgument(0)) = globalValueNumber(fc1.getArgument(0))
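
Review bot: the QLDoc on `similarArguments` says "the two functions", but both parameters are `FunctionCall`s and the body requires equal global value numbers for argument 0, which is stricter than "similar" suggests; consider wording it as "Holds if the first arguments of the two calls have the same global value number". Nothing in these lines requires `fc != fc1`, so the predicate also holds for a call paired with itself unless every caller excludes that case; it is worth stating that expectation in the comment or adding the constraint here.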
Contributor


This simple case looks good to me. How often do the other two cases (below) help?

Contributor Author


All situations were detected on my tests. I would like to leave these cases, also because they provide CVE detection.

Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Contributor

geoffw0 commented Sep 13, 2021

Results look good to me.

There may well be a performance issue with this query, but in my opinion we don't need to worry about that before merging into experimental.

Contributor

@geoffw0 geoffw0 left a comment


Tests passed, merging...

@geoffw0 geoffw0 merged commit c4714b5 into github:main Sep 15, 2021