char * prototype_parameter_type(prototype *plist, int pcount, char* function, int pnum, int ptotal) { int index=prototypes_find(plist,pcount,function); int total_parameters; if (index>-1) { total_parameters=plist[index].parameters.total_parameters; char* rp_type=NULL; int i=0; for (i=0;i<total_parameters;i++) { if (strstr(plist[index].parameters.types[i],"rp")!=NULL) rp_type=plist[index].parameters.types[i]; if (rp_type==NULL) { if (i==pnum) { return strcpy_malloc(plist[index].parameters.types[pnum]); } } else { if (pnum==ptotal-1) { //printf("READ1:%s %d-%d\n",plist[index].parameters.types[pnum],pnum,ptotal); return strcpy_malloc(plist[index].parameters.types[total_parameters-1]); } else { //printf("READ2:%s\n",rp_type); return strcpy_malloc(rp_type); } } } } return strcpy_malloc(""); }
void uprototypes_read_methods(char * file, prototype ** plist, int *pcount) { FILE * fp = fopen(file, "r"); if (fp == NULL) die("Failed to read PHP user method proptypes\n"); char line[200]; int i = 0; *plist=NULL; prototype * list=*plist; *pcount=0; int methods_started=0; for (i = 0; fgets(line,sizeof line,fp)!=NULL; i++) { //skip the first part of the file if (!methods_started) { if (strcmp(line,">methods\n")==0) methods_started=1; continue; } if (line==NULL || strlen(line)<2) break; if (line[0]!='\t') { (*pcount)++; list=(prototype *)realloc(list, (*pcount) * sizeof(prototype)); if (list == NULL) die("realloc failed\n"); (list[*pcount-1]).name=strcpy_malloc(line); int t=strlen((list[*pcount-1]).name); for (t=t;t>=0;t--) { if ((list[*pcount-1]).name[t]=='\n') { (list[*pcount-1]).name[t]='\0'; break; } } //printf("%s\n",list[*pcount-1]); list[*pcount-1].parameters.total_parameters=0; list[*pcount-1].parameters.types=NULL; list[*pcount-1].return_type=NULL; } else if (line[0]=='\t' && line[1]!='\t') { int total=++(list[*pcount-1].parameters.total_parameters); list[*pcount-1].parameters.types=(char **)realloc(list[*pcount-1].parameters.types, total*sizeof(char **) ); if (list[*pcount-1].parameters.types == NULL) die("realloc failed\n"); list[*pcount-1].parameters.types[total-1] = strcpy_malloc(&(line[1])); //kill the trailing \n; list[*pcount-1].parameters.types[total-1][strlen(list[*pcount-1].parameters.types[total-1])-1]='\0'; } else if (line[0]=='\t' && line[1]=='\t') { list[*pcount-1].return_type=strcpy_malloc(&(line[2])); //kill the trailing \n; list[*pcount-1].return_type[strlen(list[*pcount-1].return_type)-1]='\0'; } } *plist=list; fclose(fp); }
/* but not too often */ void request_and_resend (int sock, char * contact, keyset kset) { if (get_counter (contact) <= 0) { printf ("unable to request and resend for %s, peer not found\n", contact); return; } /* printf ("request_and_resend (socket %d, peer %s)\n", sock, peer); */ static char * old_contact = NULL; /* if it is the same peer as on the last call, we do nothing */ if ((old_contact != NULL) && (strcmp (contact, old_contact) == 0)) { /* printf ("request_and_resend (%s), same as old peer\n", peer); */ return; } if (old_contact != NULL) free (old_contact); old_contact = strcpy_malloc (contact, "request_and_resend contact"); /* request retransmission of any missing messages */ int hops = 10; send_retransmit_request (contact, kset, sock, hops, ALLNET_PRIORITY_LOCAL_LOW); /* resend any unacked messages, but no more than once every hour */ static time_t last_resend = 0; time_t now = time (NULL); if (now - last_resend > 3600) { last_resend = now; resend_unacked (contact, kset, sock, hops, ALLNET_PRIORITY_LOCAL_LOW, 10); } }
char * get_filename_only(char * path) { char *res; int last_slash=0; int i; for (i=0 ; i<strlen(path) ; i++) { if (path[i]=='/') last_slash=i; } res=strcpy_malloc(path+last_slash+1); return res; }
char * category_find_guard(taint_category_list *tc_list, char * function, int is_sink) { //linear search, I expect taint categories to be very sort. for (int i=0; i<tc_list->count; i++) { taint_category * tc = tc_list->categories[i]; if (is_sink) { for (int j = 0; j < tc->gcount; j++) { if (strcmp(function, tc->glist[j]->name) == 0) return strcpy_malloc(tc->glist[j]->sink); } } else { for (int j = 0; j < tc->scount; j++) { if (strcmp(function, tc->slist[j]->name) == 0) return strcpy_malloc(tc->slist[j]->sink); } } } return NULL; }
/* * Parsing of console arguments. Plus, copying of the php aspis lib to the output */ int my_main(int argc, char* argv[], char** aspis_home, char** outfilepath_ex, char** taintsfilepath_ex, char** prototypesfilepath, char** categoriesfilepath, char** filename) { int i; printf(">>Parameters used:\n"); for (i = 0; i < argc; i++) printf("\t%d. %s\n", i, argv[i]); //read the configuration parameters from the arguments char * m = locate_param(argv, argc, "-mode"); if (m != NULL) is_online = strcmp(m, "online") == 0; else is_online = 0; outpath = locate_param(argv, argc, "-out"); infile = locate_param(argv, argc, "-in"); fused = locate_param(argv, argc, "-fused"); taintspath = locate_param(argv, argc, "-taints"); *prototypesfilepath = locate_param(argv, argc, "-prototypes"); *categoriesfilepath = locate_param(argv, argc, "-categories"); *aspis_home=strcpy_malloc(getenv("ASPIS_HOME")); //stop if help was requested or if we had an invalid configuration int asks_for_help = argc==2 && strcmp(argv[1],"help")==0; if (asks_for_help || infile==NULL ) { if (!is_online) print_usage(); else exit(1); } if (fused!=NULL && strcmp(fused,"on")==0) COLLECT_INFO=1; if (*categoriesfilepath==NULL && !COLLECT_INFO) die("I need a category file."); if (infile==NULL) die("I need a file to transform."); if (*aspis_home==NULL) die("ASPIS_HOME environmental variable is not set."); //now set up the environment according to the arguments if (!setin(infile)) die(">>Cannot set the infile"); *filename = infile; if (outpath != NULL && !is_online) { //construct the output file name. This will have the same name as the input //file, but placed inside the outpath directory. struct stat st; if (!COLLECT_INFO && stat(outpath, &st) != 0) { if (mkdir(outpath, 0777)) die("cannot create an outpath"); } char * tok; char * inpathc = (char*) malloc((strlen(infile) + 1) * sizeof (char)); strcpy(inpathc, infile); char * name = strtok(inpathc, "/"); while ((tok = strtok(NULL, "/")) != NULL) { name = tok; } outfile = (char*) malloc((strlen(outpath) + strlen(name) + 200) * sizeof (char)); strcat(outfile, outpath); if (outfile[strlen(outfile - 1)] != '/') strcat(outfile, "/"); strcat(outfile, name); if (!COLLECT_INFO) { add_runtime_variables(*aspis_home, *categoriesfilepath, 0); copy_includes(*aspis_home,*categoriesfilepath); } } else outfile = outpath; if (!is_online) { printf("Input File: %s\nOutput Dir:%s\nOutput File:%s\n", infile, outpath, outfile); printf("Detected filename: %s\n", infile); printf("----------------------------------\n\n"); fflush(stdout); } *outfilepath_ex = outfile; *taintsfilepath_ex = taintspath; return 0; }
static int handle_clear (struct allnet_header * hp, char * data, int dsize, char ** contact, char ** message, int * verified, int * broadcast) { if (hp->sig_algo == ALLNET_SIGTYPE_NONE) { #ifdef DEBUG_PRINT printf ("ignoring unsigned clear packet of size %d\n", dsize); #endif /* DEBUG_PRINT */ return 0; } struct allnet_app_media_header * amhp = (struct allnet_app_media_header *) data; char * verif = data; int media = 0; if (dsize >= sizeof (struct allnet_app_media_header) + 2) media = readb32u (amhp->media); if ((media != ALLNET_MEDIA_TEXT_PLAIN) && (media != ALLNET_MEDIA_TIME_TEXT_BIN)) { #ifdef DEBUG_PRINT printf ("handle_clear ignoring unknown media type %08x, dsize %d\n", media, dsize); #endif /* DEBUG_PRINT */ return 0; } int ssize = readb16 (data + (dsize - 2)) + 2; /* size of the signature */ if ((ssize <= 2) || (dsize <= ssize)) { printf ("data packet size %d less than sig %d, dropping\n", dsize, ssize); return 0; } data += sizeof (struct allnet_app_media_header); int text_size = dsize - sizeof (struct allnet_app_media_header) - ssize; char * sig = data + text_size; #ifdef DEBUG_PRINT printf ("data size %d, text %d + sig %d\n", dsize, text_size, ssize); #endif /* DEBUG_PRINT */ struct bc_key_info * keys; int nkeys = get_other_keys (&keys); int i; /* print_buffer (verif, dsize - ssize, "verifying BC message", dsize, 1); */ for (i = 0; i < nkeys; i++) { if ((matches ((unsigned char *) (keys [i].address), ADDRESS_BITS, hp->source, hp->src_nbits) > 0) && (allnet_verify (verif, dsize - ssize, sig, ssize - 2, keys [i].pub_key))) { *contact = strcpy_malloc (keys [i].identifier, "handle_message broadcast contact"); *message = malloc_or_fail (text_size + 1, "handle_clear message"); memcpy (*message, data, text_size); (*message) [text_size] = '\0'; /* null-terminate the message */ *broadcast = 1; *verified = 1; #ifdef DEBUG_PRINT printf ("verified bc message, contact %s, %d bytes\n", keys [i].identifier, text_size); #endif /* DEBUG_PRINT */ return text_size; } #ifdef DEBUG_PRINT else { printf ("matches (%02x%02x, %02x%02x/%d) == %d\n", keys [i].address [0] & 0xff, keys [i].address [1] & 0xff, hp->source [0] & 0xff, hp->source [1] & 0xff, hp->src_nbits, matches (keys [i].address, ADDRESS_BITS, hp->source, hp->src_nbits)); printf ("verify (%p/%d, %p/%d, %p/%d) == %d\n", data, dsize - ssize, sig, ssize - 2, keys [i].pub_key, keys [i].pub_klen, verify (data, dsize - ssize, sig, ssize - 2, keys [i].pub_key, keys [i].pub_klen)); } #endif /* DEBUG_PRINT */ } printf ("unable to verify bc message\n"); return 0; /* did not match */ }
//taint category functions taint_category_list * category_file_read(char * file) { taint_category_list *ret=(taint_category_list *)malloc(sizeof(taint_category_list)); ret->count=0; ret->categories=NULL; if (file==NULL) return ret; FILE * fp = fopen(file, "r"); if (fp == NULL) die("Failed to read the taint category file provided\n"); char line[200]; while (fscanf(fp, "%s\n", (char*) line)>0) { //category loop if (strcmp(line,"begin")==0) { taint_category *tc=(taint_category *)malloc(sizeof(taint_category)); tc->glist=NULL; tc->gcount=0; tc->flist=NULL; tc->fcount=0; tc->slist=NULL; tc->scount=0; int reading_sanitisation=0; int reading_sinks=0; int reading_sources=0; while (1) { if (fscanf(fp,"%s\n",(char *)line)==0) break; if (strcmp(line,"end")==0) break; else if (strcmp(line,">sanitisation")==0) { reading_sanitisation=1; continue; } else if (strcmp(line,">sinks")==0) { reading_sanitisation=0; reading_sinks=1; continue; } else if (strcmp(line,">sources")==0) { reading_sanitisation=0; reading_sinks=0; reading_sources=1; continue; } if (reading_sanitisation) { tc->fcount++; tc->flist=(char **)realloc(tc->flist, tc->fcount * (sizeof(char *)) ); if (tc->flist == NULL) die("realloc failed\n"); tc->flist[tc->fcount-1]=strcpy_malloc(line); } else if (reading_sinks || reading_sources) { char *tok1=strtok((char *)line,"->"); char *tok2=strtok((char *)NULL,"->"); if (tok1!=NULL && tok2!=NULL) { guard * g=(guard *)malloc(sizeof(guard)); g->name = strcpy_malloc(tok1); g->sink = strcpy_malloc(tok2); if (reading_sinks) { tc->gcount++; tc->glist = (guard **) realloc(tc->glist, tc->gcount * (sizeof (guard *))); if (tc->glist == NULL) die("realloc failed\n"); tc->glist[tc->gcount - 1] = g; } else if (reading_sources) { tc->scount++; tc->slist = (guard **) realloc(tc->glist, tc->scount * (sizeof (guard *))); if (tc->slist == NULL) die("realloc failed\n"); tc->slist[tc->scount - 1] = g; } } else die("Invalid guard in the category file"); } } //add to the category list ret->count++; ret->categories=(taint_category **)realloc(ret->categories, ret->count*sizeof(taint_category *)); ret->categories[ret->count-1]=tc; } } fclose(fp); return ret; }
char * prototype_return_type(prototype * plist, int pcount, char* function) { int index=prototypes_find(plist,pcount,function); if (index>-1) return strcpy_malloc(plist[index].return_type); else return strcpy_malloc(""); }