Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Additional refactoring of ns_turn_allocation.* to address security scanner concerns #1514

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Additional refactoring of ns_turn_allocation.* to address security scanner concerns #1514

wants to merge 1 commit into from

Conversation

jonesmz
Copy link
Contributor

@jonesmz jonesmz commented Jun 2, 2024
edited
Loading

You can see the list here: https://github.com/coturn/coturn/security/code-scanning

In this case, i'm attempting to address:

ns_turn_allocation.c:725 -- Dereferencing NULL pointer. 'ub->bufs' contains the same NULL value as 'realloc()' did.
ns_turn_allocation.c:724 -- 'realloc' might return null pointer: assigning null pointer to 'ub->bufs', which is passed as an argument to 'realloc', will cause the original memory block to be leaked.
ns_turn_allocation.c:604 -- Dereferencing NULL pointer. 'a->tcs.elems' contains the same NULL value as 'realloc()' did.
ns_turn_allocation.c:582 -- Dereferencing NULL pointer 'tc'.
ns_turn_allocation.c:603 -- 'realloc' might return null pointer: assigning null pointer to 'a->tcs.elems', which is passed as an argument to 'realloc', will cause the original memory block to be leaked.
ns_turn_allocation.c:525 -- Using uninitialized memory '*chi'.
ns_turn_allocation.c:229 -- Using uninitialized memory '*slot'.

github-advanced-security[bot]
github-advanced-security bot found potential problems Jun 2, 2024
View reviewed changes
src/server/ns_turn_allocation.c
for (size_t j = 0; j < parray->extra_sz; ++j) {
turn_permission_slot *slot = parray->extra_slots[j];
if (slot) {
if (slot->info.allocated) {

Check warning

Code scanning / PREfast

Using uninitialized memory '*slot'. Warning

Using uninitialized memory '*slot'.
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm honestly not sure why the scanner is convinced there's a bug here...

src/server/ns_turn_allocation.c
for (size_t i = 0; i < a->extra_sz; ++i) {
ch_info *chi = a->extra_chns[i];
if (chi) {
if (chi->allocated) {

Check warning

Code scanning / PREfast

Using uninitialized memory '*chi'. Warning

Using uninitialized memory '*chi'.
@jonesmz jonesmz force-pushed the more-turnallocation-refactor branch from e2ddfa8 to fc325db Compare July 29, 2024 09:00
@jonesmz
Copy link
Contributor Author

jonesmz commented Jul 29, 2024
edited
Loading

@eakraly Anything needed before merging this?

@jonesmz jonesmz force-pushed the more-turnallocation-refactor branch from fc325db to d5a6b4e Compare August 5, 2024 07:56
@eakraly
Copy link
Collaborator

eakraly commented Aug 6, 2024

@jonesmz what were the scanner issues? Could you please mention them in the description? Thanks!

@jonesmz
Copy link
Contributor Author

jonesmz commented Aug 6, 2024

You can see the list here: https://github.com/coturn/coturn/security/code-scanning

In this case, i'm attempting to address:

  1. ns_turn_allocation.c:725 -- Dereferencing NULL pointer. 'ub->bufs' contains the same NULL value as 'realloc()' did.
  2. ns_turn_allocation.c:724 -- 'realloc' might return null pointer: assigning null pointer to 'ub->bufs', which is passed as an argument to 'realloc', will cause the original memory block to be leaked.
  3. ns_turn_allocation.c:604 -- Dereferencing NULL pointer. 'a->tcs.elems' contains the same NULL value as 'realloc()' did.
  4. ns_turn_allocation.c:582 -- Dereferencing NULL pointer 'tc'.
  5. ns_turn_allocation.c:603 -- 'realloc' might return null pointer: assigning null pointer to 'a->tcs.elems', which is passed as an argument to 'realloc', will cause the original memory block to be leaked.
  6. ns_turn_allocation.c:525 -- Using uninitialized memory '*chi'.
  7. ns_turn_allocation.c:229 -- Using uninitialized memory '*slot'.

eakraly
eakraly reviewed Sep 9, 2024
View reviewed changes
src/server/ns_turn_allocation.c
}
free(slot);
parray->extra_slots[j] = NULL;
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This seems like extra work - the whole parray->extra_slots is released after the loop finishes.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

certainly, but the analyzer still complains about it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@eakraly eakraly eakraly left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jonesmz @eakraly