1228753Smm/*
2228753Smm * util/fptr_wlist.h - function pointer whitelists.
3228753Smm *
4228753Smm * Copyright (c) 2007, NLnet Labs. All rights reserved.
5228753Smm *
6228753Smm * This software is open source.
7228753Smm *
8228753Smm * Redistribution and use in source and binary forms, with or without
9228753Smm * modification, are permitted provided that the following conditions
10228753Smm * are met:
11228753Smm *
12228753Smm * Redistributions of source code must retain the above copyright notice,
13228753Smm * this list of conditions and the following disclaimer.
14228753Smm *
15228753Smm * Redistributions in binary form must reproduce the above copyright notice,
16228753Smm * this list of conditions and the following disclaimer in the documentation
17228753Smm * and/or other materials provided with the distribution.
18228753Smm *
19228753Smm * Neither the name of the NLNET LABS nor the names of its contributors may
20228753Smm * be used to endorse or promote products derived from this software without
21228753Smm * specific prior written permission.
22228753Smm *
23228753Smm * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24228753Smm * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25228753Smm * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
26229592Smm * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27228753Smm * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
28228753Smm * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
29228753Smm * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
30228753Smm * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
31228753Smm * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
32228753Smm * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
33228753Smm * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34228753Smm */
35228753Smm
36228753Smm/**
37228753Smm * \file
38228753Smm *
39228753Smm * This file contains functions that check function pointers.
40228753Smm * The functions contain a whitelist of known good callback values.
41228753Smm * Any other values lead to an error.
42228753Smm *
43228753Smm * This prevent heap overflow based exploits, where the callback pointer
44228753Smm * is overwritten by a buffer overflow (apart from this defense, buffer
45228753Smm * overflows should be fixed of course).
46228753Smm *
47229592Smm * Function pointers are used in
48228753Smm * 	o network code callbacks.
49228753Smm * 	o rbtree, lruhash, region data manipulation
50228753Smm *		in lruhash, the assertions are before the critical regions.
51228753Smm *		in other places, assertions are before the callback.
52228753Smm * 	o module operations.
53228753Smm */
54228753Smm
55228753Smm#ifndef UTIL_FPTR_WLIST_H
56228753Smm#define UTIL_FPTR_WLIST_H
57228753Smm#include "util/netevent.h"
58228753Smm#include "util/storage/lruhash.h"
59228753Smm#include "util/module.h"
60228753Smm#include "util/tube.h"
61228753Smm#include "services/mesh.h"
62228753Smm
63228753Smm/**
64228753Smm * Macro to perform an assertion check for fptr wlist checks.
65228753Smm * Does not get disabled in optimize mode. Check adds security by layers.
66228753Smm */
67228753Smm#if defined(EXPORT_ALL_SYMBOLS)
68228753Smm#define fptr_ok(x) /* nothing, dll-exe memory layout on win disables it */
69228753Smm#else
70228753Smm#define fptr_ok(x) \
71228753Smm	do { if(!(x)) \
72228753Smm		fatal_exit("%s:%d: %s: pointer whitelist %s failed", \
73228753Smm		__FILE__, __LINE__, __func__, #x); \
74228753Smm	} while(0);
75228753Smm#endif
76228753Smm
77228753Smm/**
78228753Smm * Check function pointer whitelist for comm_point callback values.
79228753Smm *
80228753Smm * @param fptr: function pointer to check.
81228753Smm * @return false if not in whitelist.
82228753Smm */
83228753Smmint fptr_whitelist_comm_point(comm_point_callback_type *fptr);
84228753Smm
85228753Smm/**
86228753Smm * Check function pointer whitelist for raw comm_point callback values.
87228753Smm *
88228753Smm * @param fptr: function pointer to check.
89228753Smm * @return false if not in whitelist.
90228753Smm */
91228753Smmint fptr_whitelist_comm_point_raw(comm_point_callback_type *fptr);
92228753Smm
93228753Smm/**
94228753Smm * Check function pointer whitelist for comm_timer callback values.
95228753Smm *
96228753Smm * @param fptr: function pointer to check.
97228753Smm * @return false if not in whitelist.
98228753Smm */
99228753Smmint fptr_whitelist_comm_timer(void (*fptr)(void*));
100228753Smm
101228753Smm/**
102228753Smm * Check function pointer whitelist for comm_signal callback values.
103228753Smm *
104228753Smm * @param fptr: function pointer to check.
105228753Smm * @return false if not in whitelist.
106228753Smm */
107228753Smmint fptr_whitelist_comm_signal(void (*fptr)(int, void*));
108
109/**
110 * Check function pointer whitelist for start_accept callback values.
111 *
112 * @param fptr: function pointer to check.
113 * @return false if not in whitelist.
114 */
115int fptr_whitelist_start_accept(void (*fptr)(void*));
116
117/**
118 * Check function pointer whitelist for stop_accept callback values.
119 *
120 * @param fptr: function pointer to check.
121 * @return false if not in whitelist.
122 */
123int fptr_whitelist_stop_accept(void (*fptr)(void*));
124
125/**
126 * Check function pointer whitelist for event structure callback values.
127 * This is not called by libevent itself, but checked by netevent.
128 *
129 * @param fptr: function pointer to check.
130 * @return false if not in whitelist.
131 */
132int fptr_whitelist_event(void (*fptr)(int, short, void *));
133
134/**
135 * Check function pointer whitelist for pending udp callback values.
136 *
137 * @param fptr: function pointer to check.
138 * @return false if not in whitelist.
139 */
140int fptr_whitelist_pending_udp(comm_point_callback_type *fptr);
141
142/**
143 * Check function pointer whitelist for pending tcp callback values.
144 *
145 * @param fptr: function pointer to check.
146 * @return false if not in whitelist.
147 */
148int fptr_whitelist_pending_tcp(comm_point_callback_type *fptr);
149
150/**
151 * Check function pointer whitelist for serviced query callback values.
152 *
153 * @param fptr: function pointer to check.
154 * @return false if not in whitelist.
155 */
156int fptr_whitelist_serviced_query(comm_point_callback_type *fptr);
157
158/**
159 * Check function pointer whitelist for rbtree cmp callback values.
160 *
161 * @param fptr: function pointer to check.
162 * @return false if not in whitelist.
163 */
164int fptr_whitelist_rbtree_cmp(int (*fptr) (const void *, const void *));
165
166/**
167 * Check function pointer whitelist for lruhash sizefunc callback values.
168 *
169 * @param fptr: function pointer to check.
170 * @return false if not in whitelist.
171 */
172int fptr_whitelist_hash_sizefunc(lruhash_sizefunc_type fptr);
173
174/**
175 * Check function pointer whitelist for lruhash compfunc callback values.
176 *
177 * @param fptr: function pointer to check.
178 * @return false if not in whitelist.
179 */
180int fptr_whitelist_hash_compfunc(lruhash_compfunc_type fptr);
181
182/**
183 * Check function pointer whitelist for lruhash delkeyfunc callback values.
184 *
185 * @param fptr: function pointer to check.
186 * @return false if not in whitelist.
187 */
188int fptr_whitelist_hash_delkeyfunc(lruhash_delkeyfunc_type fptr);
189
190/**
191 * Check function pointer whitelist for lruhash deldata callback values.
192 *
193 * @param fptr: function pointer to check.
194 * @return false if not in whitelist.
195 */
196int fptr_whitelist_hash_deldatafunc(lruhash_deldatafunc_type fptr);
197
198/**
199 * Check function pointer whitelist for lruhash markdel callback values.
200 *
201 * @param fptr: function pointer to check.
202 * @return false if not in whitelist.
203 */
204int fptr_whitelist_hash_markdelfunc(lruhash_markdelfunc_type fptr);
205
206/**
207 * Check function pointer whitelist for module_env send_query callback values.
208 *
209 * @param fptr: function pointer to check.
210 * @return false if not in whitelist.
211 */
212int fptr_whitelist_modenv_send_query(struct outbound_entry* (*fptr)(
213	struct query_info* qinfo, uint16_t flags, int dnssec, int want_dnssec,
214	int nocaps, struct sockaddr_storage* addr, socklen_t addrlen,
215	uint8_t* zone, size_t zonelen, int ssl_upstream, char* tls_auth_name,
216	struct module_qstate* q));
217
218/**
219 * Check function pointer whitelist for module_env detach_subs callback values.
220 *
221 * @param fptr: function pointer to check.
222 * @return false if not in whitelist.
223 */
224int fptr_whitelist_modenv_detach_subs(void (*fptr)(
225	struct module_qstate* qstate));
226
227/**
228 * Check function pointer whitelist for module_env attach_sub callback values.
229 *
230 * @param fptr: function pointer to check.
231 * @return false if not in whitelist.
232 */
233int fptr_whitelist_modenv_attach_sub(int (*fptr)(
234	struct module_qstate* qstate, struct query_info* qinfo,
235	uint16_t qflags, int prime, int valrec, struct module_qstate** newq));
236
237/**
238 * Check function pointer whitelist for module_env add_sub callback values.
239 *
240 * @param fptr: function pointer to check.
241 * @return false if not in whitelist.
242 */
243int fptr_whitelist_modenv_add_sub(int (*fptr)(struct module_qstate* qstate,
244	struct query_info* qinfo, uint16_t qflags, int prime, int valrec,
245	struct module_qstate** newq, struct mesh_state** sub));
246/**
247 * Check function pointer whitelist for module_env kill_sub callback values.
248 *
249 * @param fptr: function pointer to check.
250 * @return false if not in whitelist.
251 */
252int fptr_whitelist_modenv_kill_sub(void (*fptr)(struct module_qstate* newq));
253
254/**
255 * Check function pointer whitelist for module_env detect_cycle callback values.
256 *
257 * @param fptr: function pointer to check.
258 * @return false if not in whitelist.
259 */
260int fptr_whitelist_modenv_detect_cycle(int (*fptr)(
261	struct module_qstate* qstate, struct query_info* qinfo,
262	uint16_t flags, int prime, int valrec));
263
264/**
265 * Check function pointer whitelist for module init call values.
266 *
267 * @param fptr: function pointer to check.
268 * @return false if not in whitelist.
269 */
270int fptr_whitelist_mod_init(int (*fptr)(struct module_env* env, int id));
271
272/**
273 * Check function pointer whitelist for module deinit call values.
274 *
275 * @param fptr: function pointer to check.
276 * @return false if not in whitelist.
277 */
278int fptr_whitelist_mod_deinit(void (*fptr)(struct module_env* env, int id));
279
280/**
281 * Check function pointer whitelist for module operate call values.
282 *
283 * @param fptr: function pointer to check.
284 * @return false if not in whitelist.
285 */
286int fptr_whitelist_mod_operate(void (*fptr)(struct module_qstate* qstate,
287	enum module_ev event, int id, struct outbound_entry* outbound));
288
289/**
290 * Check function pointer whitelist for module inform_super call values.
291 *
292 * @param fptr: function pointer to check.
293 * @return false if not in whitelist.
294 */
295int fptr_whitelist_mod_inform_super(void (*fptr)(
296	struct module_qstate* qstate, int id, struct module_qstate* super));
297
298/**
299 * Check function pointer whitelist for module clear call values.
300 *
301 * @param fptr: function pointer to check.
302 * @return false if not in whitelist.
303 */
304int fptr_whitelist_mod_clear(void (*fptr)(struct module_qstate* qstate,
305	int id));
306
307/**
308 * Check function pointer whitelist for module get_mem call values.
309 *
310 * @param fptr: function pointer to check.
311 * @return false if not in whitelist.
312 */
313int fptr_whitelist_mod_get_mem(size_t (*fptr)(struct module_env* env, int id));
314
315/**
316 * Check function pointer whitelist for alloc clear on id overflow call values.
317 *
318 * @param fptr: function pointer to check.
319 * @return false if not in whitelist.
320 */
321int fptr_whitelist_alloc_cleanup(void (*fptr)(void*));
322
323/**
324 * Check function pointer whitelist for tube listen handler values.
325 *
326 * @param fptr: function pointer to check.
327 * @return false if not in whitelist.
328 */
329int fptr_whitelist_tube_listen(tube_callback_type* fptr);
330
331/**
332 * Check function pointer whitelist for mesh state callback values.
333 *
334 * @param fptr: function pointer to check.
335 * @return false if not in whitelist.
336 */
337int fptr_whitelist_mesh_cb(mesh_cb_func_type fptr);
338
339/**
340 * Check function pointer whitelist for config_get_option func values.
341 * @param fptr: function pointer to check.
342 * @return false if not in whitelist.
343 */
344int fptr_whitelist_print_func(void (*fptr)(char*,void*));
345
346/**
347 * Check function pointer whitelist for inplace_cb_reply,
348 * inplace_cb_reply_cache, inplace_cb_reply_local and inplace_cb_reply_servfail
349 * func values.
350 * @param fptr: function pointer to check.
351 * @param type: the type of the callback function.
352 * @return false if not in whitelist.
353 */
354int fptr_whitelist_inplace_cb_reply_generic(inplace_cb_reply_func_type* fptr,
355	enum inplace_cb_list_type type);
356
357/**
358 * Check function pointer whitelist for inplace_cb_query func values.
359 * @param fptr: function pointer to check.
360 * @return false if not in whitelist.
361 */
362int fptr_whitelist_inplace_cb_query(inplace_cb_query_func_type* fptr);
363
364/**
365 * Check function pointer whitelist for inplace_cb_edns_back_parsed func values.
366 * @param fptr: function pointer to check.
367 * @return false if not in whitelist.
368 */
369int fptr_whitelist_inplace_cb_edns_back_parsed(
370	inplace_cb_edns_back_parsed_func_type* fptr);
371
372/**
373 * Check function pointer whitelist for inplace_cb_query_response func values.
374 * @param fptr: function pointer to check.
375 * @return false if not in whitelist.
376 */
377int fptr_whitelist_inplace_cb_query_response(
378	inplace_cb_query_response_func_type* fptr);
379
380/**
381 * Check function pointer whitelist for serve_expired_lookup func values.
382 * @param fptr: function pointer to check.
383 * @return false if not in whitelist.
384 */
385int fptr_whitelist_serve_expired_lookup(serve_expired_lookup_func_type* fptr);
386
387/** Due to module breakage by fptr wlist, these test app declarations
388 * are presented here */
389/**
390 * compare two order_ids from lock-verify test app
391 * @param e1: first order_id
392 * @param e2: second order_id
393 * @return compare code -1, 0, +1 (like memcmp).
394 */
395int order_lock_cmp(const void* e1, const void* e2);
396
397/**
398 * compare two codeline structs for rbtree from memstats test app
399 * @param a: codeline
400 * @param b: codeline
401 * @return compare code -1, 0, +1 (like memcmp).
402 */
403int codeline_cmp(const void* a, const void* b);
404
405/** compare two replay_vars */
406int replay_var_compare(const void* a, const void* b);
407
408#endif /* UTIL_FPTR_WLIST_H */
409