View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0010898 | GNUnet | util library | public | 2026-01-20 16:04 | 2026-03-11 16:45 |
| Reporter | schanzen | Assigned To | schanzen | ||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | resolved | Resolution | fixed | ||
| Product Version | Git master | ||||
| Target Version | 0.27.0 | Fixed in Version | 0.27.0 | ||
| Summary | 0010898: Use of insecure variadic macros | ||||
| Description | We expose a couple (presumably) of APIs that make use of variadic macros in C ("...") where we expect the arguments to consist of pairs in the form of (data_ptr, data_len). The data_ptr is opaque and data_len is expected to be of size_t. This is a dangerous API because for example if the caller uses a literal like some_func (a, data_ptr1, 2); The "2" will be promoted to something possibly not size_t resulting potentially in a form of type confusion (interpreting the int as size_t, giving garbage lengths of the data pointers leading to invalid reads/writes). One example of such an API in util is GNUNET_CRYPTO_(h)kdf | ||||
| Tags | No tags attached. | ||||
|
|
One possible solution: struct GNUNET_CRYPTO_KdfArg { const void *arg; size_t arg_len; }; struct GNUNET_CRYPTO_KdfArg GNUNET_CRYPTO_kdf_arg(const void *p, size_t len) { struct GNUNET_CRYPTO_KdfArg r = {p,len}; return r; } struct GNUNET_CRYPTO_KdfArg KDF_TERMIANTOR () { static struct GNUNET_CRYPTO_KdfArg z; return z; } #define GNUNET_CRYPTO_kdf_auto(f) GNUNET_CRYPTO_kdf_arg (f, sizeof (*f)) #define GNUNET_CRYPTO_kdf_ (size_t result_len, char result[static result_len], size_t key_len, char key[static key_len], size_t salt_len, char salt[static salt_len], const struct GNUNET_CRYPTO_KdfArg[]); #define GNUNET_CRYPTO_kdf (size_t result_len, char result[static result_len], size_t key_len, char key[static key_len], size_t salt_len, char salt[static salt_len], ...) \ GNUNET_CRYPTO_kdf_ (result_len, result, key_len, key, salt_len, salt, ((const struct GNUNET_CRYPTO_KdfArg[]) { __VA_ARGS__, KDF_TERMINATOR })) but we may want to be more generic with the argument array |
|
|
Fixed in master |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2026-01-20 16:04 | schanzen | New Issue | |
| 2026-01-20 16:06 | schanzen | Note Added: 0027294 | |
| 2026-01-20 16:08 | schanzen | Description Updated | |
| 2026-03-09 20:16 | schanzen | Assigned To | => schanzen |
| 2026-03-09 20:16 | schanzen | Status | new => assigned |
| 2026-03-11 16:45 | schanzen | Status | assigned => resolved |
| 2026-03-11 16:45 | schanzen | Resolution | open => fixed |
| 2026-03-11 16:45 | schanzen | Fixed in Version | => 0.27.0 |
| 2026-03-11 16:45 | schanzen | Note Added: 0028095 |
