diff --git a/addons/cert.py b/addons/cert.py
index e49e7a6d0..6d5184d7b 100755
--- a/addons/cert.py
+++ b/addons/cert.py
@@ -335,6 +335,25 @@ def str11(data):
 if valueToken.isNumber and int(valueToken.str)==strlen:
 reportError(valueToken, 'style', 'Do not specify the bound of a character array initialized with a string literal', 'STR11-C')

+# API01-C
+# Avoid laying out strings in memory directly before sensitive data
+def api01(data):
+ for scope in data.scopes:
+ if scope.type!='Struct':
+ continue
+ token = scope.bodyStart
+ arrayFound=False
+ # loop through the complete struct
+ while token != scope.bodyEnd:
+ if token.isName and token.variable:
+ if token.variable.isArray:
+ arrayFound=True
+ elif arrayFound and not token.variable.isArray and not token.variable.isConst:
+ reportError(token, 'style', 'Avoid laying out strings in memory directly before sensitive data', 'API01-C')
+ # reset flags to report other positions in the same struct
+ arrayFound=False
+ token = token.next
+
 for arg in sys.argv[1:]:
 if arg == '-verify':
 VERIFY = True
@@ -367,6 +386,7 @@ for arg in sys.argv[1:]:
 str11(cfg)
 msc24(cfg)
 msc30(cfg)
+ api01(cfg)

 if VERIFY:
 for expected in VERIFY_EXPECTED:
diff --git a/addons/test/cert-test.c b/addons/test/cert-test.c
index 66996d4bf..dd850c179 100644
--- a/addons/test/cert-test.c
+++ b/addons/test/cert-test.c
@@ -11,6 +11,26 @@ struct PackedStruct {
 short b;
 };

+void api01()
+{
+ const size_t String_Size = 20;
+ struct bad_node_s
+ {
+ char name[String_Size];
+ struct bad_node_s* next; // cert-API01-C
+ }
+ struct good_node_s
+ {
+ struct good_node_s* next;
+ char name[String_Size];
+ }
+ struct also_good_node_s
+ {
+ struct also_good_node_s* next;
+ char *name;
+ }
+}
+
 void dostuff(int *data);

 void exp05()
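Review bot: `api01` sets `arrayFound` for any array member, so at `if token.variable.isArray:` a struct such as `int counts[4]; int total;` would be reported under a message that talks about strings. API01-C concerns character buffers whose overflow can reach the members laid out after them, so that branch should also test the element type, e.g. `if token.variable.isArray and token.valueType and token.valueType.type == 'char':` (assuming the dump sets a valueType on the declaration token). The walk from `scope.bodyStart` also visits every token that has a `variable`, not only member declarations; requiring `token == token.variable.nameToken` would keep uses such as an array bound from affecting the flag. A short docstring saying that only the first non-const, non-array member after an array is reported, and that this stands in for "sensitive data", would make the heuristic's limits visible to whoever triages the findings.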
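Review bot: The three struct definitions inside `api01()` close with `}` and no `;`, so the block is not valid C and depends on the analyzer's tolerant parsing; each should end with `};` so the test file still parses with a compiler. `char name[String_Size]` with `const size_t String_Size` also makes the member variably modified, which C does not allow in a struct, and a macro or enum constant for the size would avoid that. The cases cover only a char array followed by a pointer; a non-char array followed by a member (e.g. `int ids[4]; int n;`) and a const member after the array would pin down what the check is meant to report and what it should leave alone.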