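/*
 * util/fptr_wlist.h - function pointer whitelists.
 *
 * Copyright (c) 2007, NLnet Labs. All rights reserved.
 *
 * This software is open source.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * Redistributions of source code must retain the above copyright notice,
 * this list of conditions and the following disclaimer.
 *
 * Redistributions in binary form must reproduce the above copyright notice,
 * this list of conditions and the following disclaimer in the documentation
 * and/or other materials provided with the distribution.
 *
 * Neither the name of the NLNET LABS nor the names of its contributors may
 * be used to endorse or promote products derived from this software without
 * specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/**
 * \file
 *
 * This file contains functions that check function pointers.
 * The functions contain a whitelist of known good callback values.
 * Any other values lead to an error.
 *
 * This prevents heap overflow based exploits, where the callback pointer
 * is overwritten by a buffer overflow (apart from this defense, buffer
 * overflows should be fixed of course).
 *
 * Each check takes only the function pointer. It establishes that the
 * pointer equals one of the whitelisted values for that kind of callback;
 * the arguments later handed to the callback are not covered by it.
 *
 * Function pointers are used in
 *    o network code callbacks.
 *    o rbtree, lruhash, region data manipulation
 *		in lruhash, the assertions are before the critical regions.
 *		in other places, assertions are before the callback.
 *    o module operations.
 */

#ifndef UTIL_FPTR_WLIST_H
#define UTIL_FPTR_WLIST_H
#include "util/netevent.h"
#include "util/storage/lruhash.h"
#include "util/module.h"
#include "util/tube.h"
#include "services/mesh.h"

/**
 * Macro to perform an assertion check for fptr wlist checks.
 * Does not get disabled in optimize mode. Check adds security by layers.
 *
 * On failure it calls fatal_exit() with the file, line, function and the
 * text of the failed expression. fatal_exit() is not declared in this file
 * itself; it has to be in scope where the macro is used, through the
 * includes above or otherwise.
 *
 * When EXPORT_ALL_SYMBOLS is defined the macro expands to nothing: x is
 * not evaluated and no whitelist check takes place, so such builds get
 * no protection from this layer.
 *
 * The enabled form already ends in a semicolon after while(0). Writing
 * fptr_ok(...); therefore yields an extra empty statement, which does not
 * compile as the unbraced body of an if that is followed by an else;
 * put braces around the call in that position.
 */
#if defined(EXPORT_ALL_SYMBOLS)
#define fptr_ok(x) /* nothing, dll-exe memory layout on win disables it */
#else
#define fptr_ok(x) \
	do { if(!(x)) \
		fatal_exit("%s:%d: %s: pointer whitelist %s failed", \
			__FILE__, __LINE__, __func__, #x); \
	} while(0);
#endif

/**
 * Check function pointer whitelist for comm_point callback values.
 *
 * @param fptr: function pointer to check.
 * @return false if not in whitelist.
 */
int fptr_whitelist_comm_point(comm_point_callback_t *fptr);

/**
 * Check function pointer whitelist for raw comm_point callback values.
 *
 * @param fptr: function pointer to check.
 * @return false if not in whitelist.
 */
int fptr_whitelist_comm_point_raw(comm_point_callback_t *fptr);

/**
 * Check function pointer whitelist for comm_timer callback values.
 *
 * @param fptr: function pointer to check.
 * @return false if not in whitelist.
 */
int fptr_whitelist_comm_timer(void (*fptr)(void*));

/**
 * Check function pointer whitelist for comm_signal callback values.
 *
 * @param fptr: function pointer to check.
 * @return false if not in whitelist.
 */
int fptr_whitelist_comm_signal(void (*fptr)(int, void*));

/**
 * Check function pointer whitelist for start_accept callback values.
 *
 * @param fptr: function pointer to check.
 * @return false if not in whitelist.
 */
int fptr_whitelist_start_accept(void (*fptr)(void*));

/**
 * Check function pointer whitelist for stop_accept callback values.
 *
 * @param fptr: function pointer to check.
 * @return false if not in whitelist.
 */
int fptr_whitelist_stop_accept(void (*fptr)(void*));

/**
 * Check function pointer whitelist for event structure callback values.
 * This is not called by libevent itself, but checked by netevent.
 *
 * @param fptr: function pointer to check.
 * @return false if not in whitelist.
 */
int fptr_whitelist_event(void (*fptr)(int, short, void *));

/**
 * Check function pointer whitelist for pending udp callback values.
 *
 * @param fptr: function pointer to check.
 * @return false if not in whitelist.
 */
int fptr_whitelist_pending_udp(comm_point_callback_t *fptr);

/**
 * Check function pointer whitelist for pending tcp callback values.
 *
 * @param fptr: function pointer to check.
 * @return false if not in whitelist.
 */
int fptr_whitelist_pending_tcp(comm_point_callback_t *fptr);

/**
 * Check function pointer whitelist for serviced query callback values.
 *
 * @param fptr: function pointer to check.
 * @return false if not in whitelist.
 */
int fptr_whitelist_serviced_query(comm_point_callback_t *fptr);

/**
 * Check function pointer whitelist for rbtree cmp callback values.
 *
 * @param fptr: function pointer to check.
 * @return false if not in whitelist.
 */
int fptr_whitelist_rbtree_cmp(int (*fptr) (const void *, const void *));

/**
 * Check function pointer whitelist for lruhash sizefunc callback values.
 *
 * @param fptr: function pointer to check.
 * @return false if not in whitelist.
 */
int fptr_whitelist_hash_sizefunc(lruhash_sizefunc_t fptr);

/**
 * Check function pointer whitelist for lruhash compfunc callback values.
 *
 * @param fptr: function pointer to check.
 * @return false if not in whitelist.
 */
int fptr_whitelist_hash_compfunc(lruhash_compfunc_t fptr);

/**
 * Check function pointer whitelist for lruhash delkeyfunc callback values.
 *
 * @param fptr: function pointer to check.
 * @return false if not in whitelist.
 */
int fptr_whitelist_hash_delkeyfunc(lruhash_delkeyfunc_t fptr);

/**
 * Check function pointer whitelist for lruhash deldata callback values.
 *
 * @param fptr: function pointer to check.
 * @return false if not in whitelist.
 */
int fptr_whitelist_hash_deldatafunc(lruhash_deldatafunc_t fptr);

/**
 * Check function pointer whitelist for lruhash markdel callback values.
 *
 * @param fptr: function pointer to check.
 * @return false if not in whitelist.
 */
int fptr_whitelist_hash_markdelfunc(lruhash_markdelfunc_t fptr);

/**
 * Check function pointer whitelist for module_env send_query callback values.
 *
 * @param fptr: function pointer to check.
 * @return false if not in whitelist.
 */
int fptr_whitelist_modenv_send_query(struct outbound_entry* (*fptr)(
	uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass,
	uint16_t flags, int dnssec, int want_dnssec, int nocaps,
	struct sockaddr_storage* addr, socklen_t addrlen,
	uint8_t* zone, size_t zonelen,
	struct module_qstate* q));

/**
 * Check function pointer whitelist for module_env detach_subs callback values.
 *
 * @param fptr: function pointer to check.
 * @return false if not in whitelist.
 */
int fptr_whitelist_modenv_detach_subs(void (*fptr)(
	struct module_qstate* qstate));

/**
 * Check function pointer whitelist for module_env attach_sub callback values.
 *
 * @param fptr: function pointer to check.
 * @return false if not in whitelist.
 */
int fptr_whitelist_modenv_attach_sub(int (*fptr)(
	struct module_qstate* qstate, struct query_info* qinfo,
	uint16_t qflags, int prime, int valrec, struct module_qstate** newq));

/**
 * Check function pointer whitelist for module_env kill_sub callback values.
 *
 * @param fptr: function pointer to check.
 * @return false if not in whitelist.
 */
int fptr_whitelist_modenv_kill_sub(void (*fptr)(struct module_qstate* newq));

/**
 * Check function pointer whitelist for module_env detect_cycle callback values.
 *
 * @param fptr: function pointer to check.
 * @return false if not in whitelist.
 */
int fptr_whitelist_modenv_detect_cycle(int (*fptr)(
	struct module_qstate* qstate, struct query_info* qinfo,
	uint16_t flags, int prime, int valrec));

/**
 * Check function pointer whitelist for module init call values.
 *
 * @param fptr: function pointer to check.
 * @return false if not in whitelist.
 */
int fptr_whitelist_mod_init(int (*fptr)(struct module_env* env, int id));

/**
 * Check function pointer whitelist for module deinit call values.
 *
 * @param fptr: function pointer to check.
 * @return false if not in whitelist.
 */
int fptr_whitelist_mod_deinit(void (*fptr)(struct module_env* env, int id));

/**
 * Check function pointer whitelist for module operate call values.
 *
 * @param fptr: function pointer to check.
 * @return false if not in whitelist.
 */
int fptr_whitelist_mod_operate(void (*fptr)(struct module_qstate* qstate,
	enum module_ev event, int id, struct outbound_entry* outbound));

/**
 * Check function pointer whitelist for module inform_super call values.
 *
 * @param fptr: function pointer to check.
 * @return false if not in whitelist.
 */
int fptr_whitelist_mod_inform_super(void (*fptr)(
	struct module_qstate* qstate, int id, struct module_qstate* super));

/**
 * Check function pointer whitelist for module clear call values.
 *
 * @param fptr: function pointer to check.
 * @return false if not in whitelist.
 */
int fptr_whitelist_mod_clear(void (*fptr)(struct module_qstate* qstate,
	int id));

/**
 * Check function pointer whitelist for module get_mem call values.
 *
 * @param fptr: function pointer to check.
 * @return false if not in whitelist.
 */
int fptr_whitelist_mod_get_mem(size_t (*fptr)(struct module_env* env, int id));

/**
 * Check function pointer whitelist for alloc clear on id overflow call values.
 *
 * @param fptr: function pointer to check.
 * @return false if not in whitelist.
 */
int fptr_whitelist_alloc_cleanup(void (*fptr)(void*));

/**
 * Check function pointer whitelist for tube listen handler values.
 *
 * @param fptr: function pointer to check.
 * @return false if not in whitelist.
 */
int fptr_whitelist_tube_listen(tube_callback_t* fptr);

/**
 * Check function pointer whitelist for mesh state callback values.
 *
 * @param fptr: function pointer to check.
 * @return false if not in whitelist.
 */
int fptr_whitelist_mesh_cb(mesh_cb_func_t fptr);

/**
 * Check function pointer whitelist for config_get_option func values.
 *
 * @param fptr: function pointer to check.
 * @return false if not in whitelist.
 */
int fptr_whitelist_print_func(void (*fptr)(char*,void*));

/** Due to module breakage by fptr wlist, these test app declarations
 * are presented here */
/**
 * compare two order_ids from lock-verify test app
 * @param e1: first order_id
 * @param e2: second order_id
 * @return compare code -1, 0, +1 (like memcmp).
 */
int order_lock_cmp(const void* e1, const void* e2);

/**
 * compare two codeline structs for rbtree from memstats test app
 * @param a: codeline
 * @param b: codeline
 * @return compare code -1, 0, +1 (like memcmp).
 */
int codeline_cmp(const void* a, const void* b);

/** compare two replay_vars */
int replay_var_compare(const void* a, const void* b);

#endif /* UTIL_FPTR_WLIST_H */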