1228753Smm/* 2228753Smm * util/fptr_wlist.h - function pointer whitelists. 3228753Smm * 4228753Smm * Copyright (c) 2007, NLnet Labs. All rights reserved. 5228753Smm * 6228753Smm * This software is open source. 7228753Smm * 8228753Smm * Redistribution and use in source and binary forms, with or without 9228753Smm * modification, are permitted provided that the following conditions 10228753Smm * are met: 11228753Smm * 12228753Smm * Redistributions of source code must retain the above copyright notice, 13228753Smm * this list of conditions and the following disclaimer. 14228753Smm * 15228753Smm * Redistributions in binary form must reproduce the above copyright notice, 16228753Smm * this list of conditions and the following disclaimer in the documentation 17228753Smm * and/or other materials provided with the distribution. 18228753Smm * 19228753Smm * Neither the name of the NLNET LABS nor the names of its contributors may 20228753Smm * be used to endorse or promote products derived from this software without 21228753Smm * specific prior written permission. 22228753Smm * 23228753Smm * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24228753Smm * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25228753Smm * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26229592Smm * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27228753Smm * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28228753Smm * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 29228753Smm * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 30228753Smm * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 31228753Smm * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 32228753Smm * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 33228753Smm * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34228753Smm */ 35228753Smm 36228753Smm/** 37228753Smm * \file 38228753Smm * 39228753Smm * This file contains functions that check function pointers. 40228753Smm * The functions contain a whitelist of known good callback values. 41228753Smm * Any other values lead to an error. 42228753Smm * 43228753Smm * This prevent heap overflow based exploits, where the callback pointer 44228753Smm * is overwritten by a buffer overflow (apart from this defense, buffer 45228753Smm * overflows should be fixed of course). 46228753Smm * 47229592Smm * Function pointers are used in 48228753Smm * o network code callbacks. 49228753Smm * o rbtree, lruhash, region data manipulation 50228753Smm * in lruhash, the assertions are before the critical regions. 51228753Smm * in other places, assertions are before the callback. 52228753Smm * o module operations. 53228753Smm */ 54228753Smm 55228753Smm#ifndef UTIL_FPTR_WLIST_H 56228753Smm#define UTIL_FPTR_WLIST_H 57228753Smm#include "util/netevent.h" 58228753Smm#include "util/storage/lruhash.h" 59228753Smm#include "util/module.h" 60228753Smm#include "util/tube.h" 61228753Smm#include "services/mesh.h" 62228753Smm 63228753Smm/** 64228753Smm * Macro to perform an assertion check for fptr wlist checks. 65228753Smm * Does not get disabled in optimize mode. Check adds security by layers. 66228753Smm */ 67228753Smm#if defined(EXPORT_ALL_SYMBOLS) 68228753Smm#define fptr_ok(x) /* nothing, dll-exe memory layout on win disables it */ 69228753Smm#else 70228753Smm#define fptr_ok(x) \ 71228753Smm do { if(!(x)) \ 72228753Smm fatal_exit("%s:%d: %s: pointer whitelist %s failed", \ 73228753Smm __FILE__, __LINE__, __func__, #x); \ 74228753Smm } while(0); 75228753Smm#endif 76228753Smm 77228753Smm/** 78228753Smm * Check function pointer whitelist for comm_point callback values. 79228753Smm * 80228753Smm * @param fptr: function pointer to check. 81228753Smm * @return false if not in whitelist. 82228753Smm */ 83228753Smmint fptr_whitelist_comm_point(comm_point_callback_type *fptr); 84228753Smm 85228753Smm/** 86228753Smm * Check function pointer whitelist for raw comm_point callback values. 87228753Smm * 88228753Smm * @param fptr: function pointer to check. 89228753Smm * @return false if not in whitelist. 90228753Smm */ 91228753Smmint fptr_whitelist_comm_point_raw(comm_point_callback_type *fptr); 92228753Smm 93228753Smm/** 94228753Smm * Check function pointer whitelist for comm_timer callback values. 95228753Smm * 96228753Smm * @param fptr: function pointer to check. 97228753Smm * @return false if not in whitelist. 98228753Smm */ 99228753Smmint fptr_whitelist_comm_timer(void (*fptr)(void*)); 100228753Smm 101228753Smm/** 102228753Smm * Check function pointer whitelist for comm_signal callback values. 103228753Smm * 104228753Smm * @param fptr: function pointer to check. 105228753Smm * @return false if not in whitelist. 106228753Smm */ 107228753Smmint fptr_whitelist_comm_signal(void (*fptr)(int, void*)); 108 109/** 110 * Check function pointer whitelist for start_accept callback values. 111 * 112 * @param fptr: function pointer to check. 113 * @return false if not in whitelist. 114 */ 115int fptr_whitelist_start_accept(void (*fptr)(void*)); 116 117/** 118 * Check function pointer whitelist for stop_accept callback values. 119 * 120 * @param fptr: function pointer to check. 121 * @return false if not in whitelist. 122 */ 123int fptr_whitelist_stop_accept(void (*fptr)(void*)); 124 125/** 126 * Check function pointer whitelist for event structure callback values. 127 * This is not called by libevent itself, but checked by netevent. 128 * 129 * @param fptr: function pointer to check. 130 * @return false if not in whitelist. 131 */ 132int fptr_whitelist_event(void (*fptr)(int, short, void *)); 133 134/** 135 * Check function pointer whitelist for pending udp callback values. 136 * 137 * @param fptr: function pointer to check. 138 * @return false if not in whitelist. 139 */ 140int fptr_whitelist_pending_udp(comm_point_callback_type *fptr); 141 142/** 143 * Check function pointer whitelist for pending tcp callback values. 144 * 145 * @param fptr: function pointer to check. 146 * @return false if not in whitelist. 147 */ 148int fptr_whitelist_pending_tcp(comm_point_callback_type *fptr); 149 150/** 151 * Check function pointer whitelist for serviced query callback values. 152 * 153 * @param fptr: function pointer to check. 154 * @return false if not in whitelist. 155 */ 156int fptr_whitelist_serviced_query(comm_point_callback_type *fptr); 157 158/** 159 * Check function pointer whitelist for rbtree cmp callback values. 160 * 161 * @param fptr: function pointer to check. 162 * @return false if not in whitelist. 163 */ 164int fptr_whitelist_rbtree_cmp(int (*fptr) (const void *, const void *)); 165 166/** 167 * Check function pointer whitelist for lruhash sizefunc callback values. 168 * 169 * @param fptr: function pointer to check. 170 * @return false if not in whitelist. 171 */ 172int fptr_whitelist_hash_sizefunc(lruhash_sizefunc_type fptr); 173 174/** 175 * Check function pointer whitelist for lruhash compfunc callback values. 176 * 177 * @param fptr: function pointer to check. 178 * @return false if not in whitelist. 179 */ 180int fptr_whitelist_hash_compfunc(lruhash_compfunc_type fptr); 181 182/** 183 * Check function pointer whitelist for lruhash delkeyfunc callback values. 184 * 185 * @param fptr: function pointer to check. 186 * @return false if not in whitelist. 187 */ 188int fptr_whitelist_hash_delkeyfunc(lruhash_delkeyfunc_type fptr); 189 190/** 191 * Check function pointer whitelist for lruhash deldata callback values. 192 * 193 * @param fptr: function pointer to check. 194 * @return false if not in whitelist. 195 */ 196int fptr_whitelist_hash_deldatafunc(lruhash_deldatafunc_type fptr); 197 198/** 199 * Check function pointer whitelist for lruhash markdel callback values. 200 * 201 * @param fptr: function pointer to check. 202 * @return false if not in whitelist. 203 */ 204int fptr_whitelist_hash_markdelfunc(lruhash_markdelfunc_type fptr); 205 206/** 207 * Check function pointer whitelist for module_env send_query callback values. 208 * 209 * @param fptr: function pointer to check. 210 * @return false if not in whitelist. 211 */ 212int fptr_whitelist_modenv_send_query(struct outbound_entry* (*fptr)( 213 struct query_info* qinfo, uint16_t flags, int dnssec, int want_dnssec, 214 int nocaps, struct sockaddr_storage* addr, socklen_t addrlen, 215 uint8_t* zone, size_t zonelen, int ssl_upstream, char* tls_auth_name, 216 struct module_qstate* q)); 217 218/** 219 * Check function pointer whitelist for module_env detach_subs callback values. 220 * 221 * @param fptr: function pointer to check. 222 * @return false if not in whitelist. 223 */ 224int fptr_whitelist_modenv_detach_subs(void (*fptr)( 225 struct module_qstate* qstate)); 226 227/** 228 * Check function pointer whitelist for module_env attach_sub callback values. 229 * 230 * @param fptr: function pointer to check. 231 * @return false if not in whitelist. 232 */ 233int fptr_whitelist_modenv_attach_sub(int (*fptr)( 234 struct module_qstate* qstate, struct query_info* qinfo, 235 uint16_t qflags, int prime, int valrec, struct module_qstate** newq)); 236 237/** 238 * Check function pointer whitelist for module_env add_sub callback values. 239 * 240 * @param fptr: function pointer to check. 241 * @return false if not in whitelist. 242 */ 243int fptr_whitelist_modenv_add_sub(int (*fptr)(struct module_qstate* qstate, 244 struct query_info* qinfo, uint16_t qflags, int prime, int valrec, 245 struct module_qstate** newq, struct mesh_state** sub)); 246/** 247 * Check function pointer whitelist for module_env kill_sub callback values. 248 * 249 * @param fptr: function pointer to check. 250 * @return false if not in whitelist. 251 */ 252int fptr_whitelist_modenv_kill_sub(void (*fptr)(struct module_qstate* newq)); 253 254/** 255 * Check function pointer whitelist for module_env detect_cycle callback values. 256 * 257 * @param fptr: function pointer to check. 258 * @return false if not in whitelist. 259 */ 260int fptr_whitelist_modenv_detect_cycle(int (*fptr)( 261 struct module_qstate* qstate, struct query_info* qinfo, 262 uint16_t flags, int prime, int valrec)); 263 264/** 265 * Check function pointer whitelist for module init call values. 266 * 267 * @param fptr: function pointer to check. 268 * @return false if not in whitelist. 269 */ 270int fptr_whitelist_mod_init(int (*fptr)(struct module_env* env, int id)); 271 272/** 273 * Check function pointer whitelist for module deinit call values. 274 * 275 * @param fptr: function pointer to check. 276 * @return false if not in whitelist. 277 */ 278int fptr_whitelist_mod_deinit(void (*fptr)(struct module_env* env, int id)); 279 280/** 281 * Check function pointer whitelist for module operate call values. 282 * 283 * @param fptr: function pointer to check. 284 * @return false if not in whitelist. 285 */ 286int fptr_whitelist_mod_operate(void (*fptr)(struct module_qstate* qstate, 287 enum module_ev event, int id, struct outbound_entry* outbound)); 288 289/** 290 * Check function pointer whitelist for module inform_super call values. 291 * 292 * @param fptr: function pointer to check. 293 * @return false if not in whitelist. 294 */ 295int fptr_whitelist_mod_inform_super(void (*fptr)( 296 struct module_qstate* qstate, int id, struct module_qstate* super)); 297 298/** 299 * Check function pointer whitelist for module clear call values. 300 * 301 * @param fptr: function pointer to check. 302 * @return false if not in whitelist. 303 */ 304int fptr_whitelist_mod_clear(void (*fptr)(struct module_qstate* qstate, 305 int id)); 306 307/** 308 * Check function pointer whitelist for module get_mem call values. 309 * 310 * @param fptr: function pointer to check. 311 * @return false if not in whitelist. 312 */ 313int fptr_whitelist_mod_get_mem(size_t (*fptr)(struct module_env* env, int id)); 314 315/** 316 * Check function pointer whitelist for alloc clear on id overflow call values. 317 * 318 * @param fptr: function pointer to check. 319 * @return false if not in whitelist. 320 */ 321int fptr_whitelist_alloc_cleanup(void (*fptr)(void*)); 322 323/** 324 * Check function pointer whitelist for tube listen handler values. 325 * 326 * @param fptr: function pointer to check. 327 * @return false if not in whitelist. 328 */ 329int fptr_whitelist_tube_listen(tube_callback_type* fptr); 330 331/** 332 * Check function pointer whitelist for mesh state callback values. 333 * 334 * @param fptr: function pointer to check. 335 * @return false if not in whitelist. 336 */ 337int fptr_whitelist_mesh_cb(mesh_cb_func_type fptr); 338 339/** 340 * Check function pointer whitelist for config_get_option func values. 341 * @param fptr: function pointer to check. 342 * @return false if not in whitelist. 343 */ 344int fptr_whitelist_print_func(void (*fptr)(char*,void*)); 345 346/** 347 * Check function pointer whitelist for inplace_cb_reply, 348 * inplace_cb_reply_cache, inplace_cb_reply_local and inplace_cb_reply_servfail 349 * func values. 350 * @param fptr: function pointer to check. 351 * @param type: the type of the callback function. 352 * @return false if not in whitelist. 353 */ 354int fptr_whitelist_inplace_cb_reply_generic(inplace_cb_reply_func_type* fptr, 355 enum inplace_cb_list_type type); 356 357/** 358 * Check function pointer whitelist for inplace_cb_query func values. 359 * @param fptr: function pointer to check. 360 * @return false if not in whitelist. 361 */ 362int fptr_whitelist_inplace_cb_query(inplace_cb_query_func_type* fptr); 363 364/** 365 * Check function pointer whitelist for inplace_cb_edns_back_parsed func values. 366 * @param fptr: function pointer to check. 367 * @return false if not in whitelist. 368 */ 369int fptr_whitelist_inplace_cb_edns_back_parsed( 370 inplace_cb_edns_back_parsed_func_type* fptr); 371 372/** 373 * Check function pointer whitelist for inplace_cb_query_response func values. 374 * @param fptr: function pointer to check. 375 * @return false if not in whitelist. 376 */ 377int fptr_whitelist_inplace_cb_query_response( 378 inplace_cb_query_response_func_type* fptr); 379 380/** 381 * Check function pointer whitelist for serve_expired_lookup func values. 382 * @param fptr: function pointer to check. 383 * @return false if not in whitelist. 384 */ 385int fptr_whitelist_serve_expired_lookup(serve_expired_lookup_func_type* fptr); 386 387/** Due to module breakage by fptr wlist, these test app declarations 388 * are presented here */ 389/** 390 * compare two order_ids from lock-verify test app 391 * @param e1: first order_id 392 * @param e2: second order_id 393 * @return compare code -1, 0, +1 (like memcmp). 394 */ 395int order_lock_cmp(const void* e1, const void* e2); 396 397/** 398 * compare two codeline structs for rbtree from memstats test app 399 * @param a: codeline 400 * @param b: codeline 401 * @return compare code -1, 0, +1 (like memcmp). 402 */ 403int codeline_cmp(const void* a, const void* b); 404 405/** compare two replay_vars */ 406int replay_var_compare(const void* a, const void* b); 407 408#endif /* UTIL_FPTR_WLIST_H */ 409