Suppress 'tainted string passed to vulnerable operation' false defects

* include/private/gc_priv.h (TRUSTED_STRING): New tagging macro; add
comment.
* misc.c (GC_init): Process the result of GETENV("GC_LOG_FILE") by
TRUSTED_STRING.
* tools/if_mach.c (main): Process argv[3] by TRUSTED_STRING (before
passing the string to execvp).
* tools/if_not_there.c (main): Declare "fname" local variable;
process argv[1] and argv[2] by TRUSTED_STRING (before passing the
strings to fopen/opendir and execvp, respectively).

diff --git a/include/private/gc_priv.h b/include/private/gc_priv.h
index 73eb48c..979b27f 100644 (file)
--- a/include/private/gc_priv.h
+++ b/include/private/gc_priv.h
@@ -565,6 +565,11 @@ GC_EXTERN GC_warn_proc GC_current_warn_proc;
 # define WARN_PRIdPTR "ld"
 #endif
 
+/* A tagging macro (for a code static analyzer) to indicate that the    */
+/* string obtained from an untrusted source (e.g., argv[], getenv) is   */
+/* safe to use in a vulnerable operation (e.g., open, exec).            */
+#define TRUSTED_STRING(s) (s)
+
 /* Get environment entry */
 #ifdef GC_READ_ENV_FILE
   GC_INNER char * GC_envfile_getenv(const char *name);

diff --git a/misc.c b/misc.c
index 5761ab5..43f0d73 100644 (file)
--- a/misc.c
+++ b/misc.c
@@ -969,7 +969,7 @@ GC_API void GC_CALL GC_init(void)
 #     if (defined(UNIX_LIKE) && !defined(GC_ANDROID_LOG)) \
          || defined(CYGWIN32) || defined(SYMBIAN)
         {
-          char * file_name = GETENV("GC_LOG_FILE");
+          char * file_name = TRUSTED_STRING(GETENV("GC_LOG_FILE"));
 #         ifdef GC_LOG_TO_FILE_ALWAYS
             if (NULL == file_name)
               file_name = GC_LOG_STD_NAME;

diff --git a/tools/if_mach.c b/tools/if_mach.c
index f99d164..1b12a39 100644 (file)
--- a/tools/if_mach.c
+++ b/tools/if_mach.c
@@ -13,7 +13,7 @@ int main(int argc, char **argv)
         && strcmp(OS_TYPE, argv[2]) != 0) return(0);
     fprintf(stderr, "^^^^Starting command^^^^\n");
     fflush(stdout);
-    execvp(argv[3], argv+3);
+    execvp(TRUSTED_STRING(argv[3]), argv+3);
     perror("Couldn't execute");
 
 Usage:

diff --git a/tools/if_not_there.c b/tools/if_not_there.c
index 652126d..845b19a 100644 (file)
--- a/tools/if_not_there.c
+++ b/tools/if_not_there.c
@@ -15,27 +15,30 @@ int main(int argc, char **argv)
 #ifdef __DJGPP__
     DIR * d;
 #endif /* __DJGPP__ */
+    char *fname;
+
     if (argc < 3) goto Usage;
 
-    f = fopen(argv[1], "rb");
+    fname = TRUSTED_STRING(argv[1]);
+    f = fopen(fname, "rb");
     if (f != NULL) {
         fclose(f);
         return(0);
     }
-    f = fopen(argv[1], "r");
+    f = fopen(fname, "r");
     if (f != NULL) {
         fclose(f);
         return(0);
     }
 #ifdef __DJGPP__
-    if ((d = opendir(argv[1])) != 0) {
+    if ((d = opendir(fname)) != 0) {
             closedir(d);
             return(0);
     }
 #endif
     printf("^^^^Starting command^^^^\n");
     fflush(stdout);
-    execvp(argv[2], argv+2);
+    execvp(TRUSTED_STRING(argv[2]), argv+2);
     exit(1);
 
 Usage: