View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0010898 | GNUnet | util library | public | 2026-01-20 16:04 | 2026-01-20 16:08 |
| Reporter | schanzen | Assigned To | |||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | new | Resolution | open | ||
| Product Version | Git master | ||||
| Target Version | 0.27.0 | ||||
| Summary | 0010898: Use of insecure variadic macros | ||||
| Description | We expose a couple (presumably) of APIs that make use of variadic macros in C ("...") where we expect the arguments to consist of pairs in the form of `(data_ptr, data_len)`. The `data_ptr` is opaque and `data_len` is expected to be of `size_t`. This is a dangerous API because, for example, if the caller uses a literal like `some_func (a, data_ptr1, 2);` the "2" will be promoted to something possibly not `size_t`, resulting potentially in a form of type confusion (interpreting the int as `size_t`, giving garbage lengths of the data pointers leading to invalid reads/writes). One example of such an API in util is `GNUNET_CRYPTO_(h)kdf`. | ||||
| Tags | No tags attached. | ||||
One possible solution:

```c
#include <stddef.h>

struct GNUNET_CRYPTO_KdfArg
{
  const void *arg;
  size_t arg_len;
};

struct GNUNET_CRYPTO_KdfArg
GNUNET_CRYPTO_kdf_arg (const void *p, size_t len)
{
  struct GNUNET_CRYPTO_KdfArg r = { p, len };
  return r;
}

/* All-zero entry that marks the end of the argument array. */
struct GNUNET_CRYPTO_KdfArg
KDF_TERMINATOR (void)
{
  static struct GNUNET_CRYPTO_KdfArg z;
  return z;
}

#define GNUNET_CRYPTO_kdf_auto(f) GNUNET_CRYPTO_kdf_arg ((f), sizeof (*(f)))

/* Array-taking function; the sketch gives no return type, int is assumed here. */
int
GNUNET_CRYPTO_kdf_ (size_t result_len, char result[static result_len],
                    size_t key_len, char key[static key_len],
                    size_t salt_len, char salt[static salt_len],
                    const struct GNUNET_CRYPTO_KdfArg args[]);

/* Wrapper macro: packs the trailing arguments into a typed, terminated array. */
#define GNUNET_CRYPTO_kdf(result_len, result, key_len, key, salt_len, salt, ...) \
  GNUNET_CRYPTO_kdf_ (result_len, result, key_len, key, salt_len, salt, \
                      ((const struct GNUNET_CRYPTO_KdfArg[]) { __VA_ARGS__, KDF_TERMINATOR () }))
```

but we may want to be more generic with the argument array
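The array-of-pairs approach from this issue, as an added runnable example (not GNUnet code and not part of the original note). The names `KdfArg`, `KDF_END`, `ARG`, `ctx_concat` and `demo_literal_lengths` are hypothetical, and the callee only concatenates the chunks where a real KDF would consume them.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* With a "..." callee, va_arg (ap, size_t) applied to the int literal 2 is
 * undefined behaviour. A struct member of type size_t forces a well-defined
 * int -> size_t conversion at the call site instead. */
struct KdfArg { const void *arg; size_t arg_len; };

/* Assumption: the terminator is recognised by its NULL pointer, so real
 * chunks must be non-NULL (a zero-length chunk is still allowed). */
#define KDF_END ((struct KdfArg) { NULL, 0 })
#define ARG(p, len) { (p), (len) }

/* Walks the typed array and concatenates the chunks into out.
 * Returns the total length, or (size_t) -1 if out is too small. */
size_t
ctx_concat_ (char *out, size_t out_len, const struct KdfArg args[])
{
  size_t off = 0;

  for (const struct KdfArg *a = args; NULL != a->arg; a++)
  {
    if (a->arg_len > out_len - off)   /* off <= out_len always holds */
      return (size_t) -1;
    memcpy (out + off, a->arg, a->arg_len);
    off += a->arg_len;
  }
  return off;
}

/* Same call shape as the variadic API, but every pair is type-checked. */
#define ctx_concat(out, out_len, ...) \
  ctx_concat_ (out, out_len, (const struct KdfArg[]) { __VA_ARGS__, KDF_END })

size_t
demo_literal_lengths (char *out, size_t out_len)
{
  /* 2 and 3 are int literals; initialisation converts them to size_t. */
  return ctx_concat (out, out_len, ARG ("ab", 2), ARG ("cde", 3));
}

int
main (void)
{
  char buf[8];
  printf ("%zu bytes\n", demo_literal_lengths (buf, sizeof (buf)));
  return 0;
}
```
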