Commit Graph

6841 Commits

Author SHA1 Message Date
Brian
c3d6fe9d72 Add CodeQL Workflow for Code Security Analysis
Add CodeQL Workflow for Code Security Analysis

This pull request introduces a CodeQL workflow to enhance the security analysis of our repository. CodeQL is a powerful static analysis tool that helps identify and mitigate security vulnerabilities in our codebase. By integrating this workflow into our GitHub Actions, we can proactively identify and address potential issues before they become security threats.

We added a new CodeQL workflow file (.github/workflows/codeql.yml) that
- Runs on every push and pull request to the main branch.
- Excludes queries with a high false positive rate or low-severity findings.
- Does not display results for third-party code, focusing only on our own codebase.

Testing:
To validate the functionality of this workflow, we have run several test scans on the codebase and reviewed the results. The workflow successfully compiles the project, identifies issues, and provides actionable insights while reducing noise by excluding certain queries and third-party code.

Deployment:
Once this pull request is merged, the CodeQL workflow will be active and automatically run on every push and pull request to the main branch. To view the results of these code scans, please follow these steps:
1. Under the repository name, click on the Security tab.
2. In the left sidebar, click Code scanning alerts.

Additional Information:
- You can further customize the workflow to adapt to your specific needs by modifying the workflow file.
- For more information on CodeQL and how to interpret its results, refer to the GitHub documentation and the CodeQL documentation.

Signed-off-by: Brian <bayuan@purdue.edu>
2024-02-19 20:03:32 +01:00
Kirill Lokotkov
93821fc437 Fixed netdb.c when LWIP_SOCKET_HAVE_SA_LEN == 0
Fields sin6_len and sin_len are always used in the file but not all implementations of sockaddr_in or sockaddr_in6 have this fields (including Linux implementation).
Added #if-check to avoid compilation errors in such cases.
2024-02-19 18:13:28 +01:00
Kirill Lokotkov
7c494b3829 Added "lwip/errno.h" to netdb.c includes
Defines EINVAL and ERANGE are used in the file but not included directly. When I try to use <sys/socket.h> and <arpa/inet.h> as LWIP_SOCKET_EXTERNAL_HEADERS it causes errors with this defines.
2024-02-19 18:13:28 +01:00
Sebastian Michel
e1b8080346 contrib: fixed c++ compatibility of unix port 2024-02-19 18:04:02 +01:00
Simon Goldschmidt
347054b329 Fix C++ compatibility of newly added function lwip_memcmp_consttime() 2024-01-09 21:26:40 +01:00
Simon Goldschmidt
c167a54540 ppp: use constant-time memcmp for checking credentials
See #65119
2024-01-09 21:23:11 +01:00
Simon Goldschmidt
25de99d1c1 Introduce constant-time memcmp and use it for snmpv3_get_engine_boots
See #65118
2024-01-09 21:14:49 +01:00
Simon Goldschmidt
09d929f7ff Fix uninitialized variable warning introduced with last commit
(at least reported by MS-VS C compiler)
2024-01-09 20:51:10 +01:00
Renzo Davoli
83abc8714c avoid callbacks for unsuccessful lwip_accept
See bug #64780
2024-01-09 20:45:05 +01:00
Simon Goldschmidt
09188668c7 update tinydir.h to newest version (1.2.6)
Update to cxong/tinydir version 1.2.6 commit 8124807 ("Fix buffer overflow in tinydir_file_open with long path names")

Although we're not affected of this bug, prevent others copying from our repo being affected...
2024-01-04 22:00:56 +01:00
Simon Goldschmidt
b413b04093 makefsdata: fix buffer corruption with very long paths
See bug #64941
2023-11-29 22:03:46 +01:00
Simon Goldschmidt
ee1523630a httpc with LWIP_HTTPC_HAVE_FILE_IO: fix heap buffer overflow for long local filenames
See bug #64940
2023-11-29 21:35:38 +01:00
Erik Ekman
5e3268cf3e src/core: Fix speling issues
Found by codespell
2023-10-14 18:16:49 +02:00
Erik Ekman
8c1190143c Ignore vim swap files 2023-10-14 18:10:30 +02:00
Erik Ekman
5e45328bb5 src/apps: Fix speling issues
Found by codespell
2023-10-14 18:08:00 +02:00
Erik Ekman
b6b20613ce src/api: Fix speling issues
Found by codespell
2023-10-14 18:04:35 +02:00
Erik Ekman
e7abb85d63 contrib: Fix speling issues
Found by codespell
2023-10-14 18:01:37 +02:00
Erik Ekman
3c06267d8e apps/http_client: Fix speling issues
Found by codespell
2023-10-14 17:51:01 +02:00
Erik Ekman
0ab52ff447 PPP: Fix speling issues
Found by codespell
2023-10-14 17:51:01 +02:00
Erik Ekman
20c9b117e1 test: Fix speling issues
Found by codespell
2023-10-14 17:51:01 +02:00
Erik Ekman
34516d5c2e Update codespell false positives 2023-10-14 17:51:01 +02:00
Florian La Roche
670a2f0827 Fix typos
From patch #10399
2023-10-14 17:34:13 +02:00
Simon Goldschmidt
1eeb70fbfa dhcp: fix memory corruption when LWIP_DHCP_MAX_DNS_SERVERS > DNS_MAX_SERVERS
see patch #10124
2023-10-12 22:08:14 +02:00
Simon Goldschmidt
b9ca1deba8 Fix building with ISO C90
This fixes the changes of commit 574bd6e5aa
2023-10-12 21:41:49 +02:00
Simon Goldschmidt
efe78e7e5b pbuf_cat: add a simple check to ensure we don't cat the same pbuf to itself 2023-10-12 21:34:11 +02:00
Simon Goldschmidt
6864eb1749 unixlib: LWIP_LISTEN_BACKLOG -> TCP_LISTEN_BACKLOG
see patch #10116
2023-10-12 21:10:53 +02:00
David Fries
35cbad52cc Document that sntp_setservername doesn't copy the string
I was expecting the string to be duplicated, doing a Google search
shows others did as well.
2023-10-12 21:04:11 +02:00
duckpowerMB
574bd6e5aa tcp_in : fix ooseq update error
if a pbuf received with the same seqno in ooseq ,
we then check  the size and replace the existing one
with the larger one,but if the existing one is the
last segment in ooseq ,it might has been trimed before.
the replacing action will overrun our receive windows

see patch #10106 and bug #56397
2023-10-12 21:00:21 +02:00
Thomas Kindler
de0b97861a Fix bug #60681: Initialize custom data in pbuf struct
Add a #define that users can use to initialize LWIP_PBUF_CUSTOM_DATA fields.

see patch #10072
idea by Thomas Kindler <mail_lwip@t-kindler.de>
2023-10-12 20:29:16 +02:00
Simon Goldschmidt
f5e7e8e576 pbuf: pbuf_get_contiguous: allow passing NULL for buffer to prevent copying
see bug #62832
2023-10-12 08:26:00 +02:00
Faidon Liambotis
4f88651247 Add MEM_CUSTOM_ALLOCATOR and make LIBC a subset of it
Allow one to provide a custom implementation of free/malloc/calloc
instead of the lwip internal allocator. The code to use the libc's
implementation already existed, so generalize the existing code and make
the libc variant a specialized case of this new capability, retaining
full backwards compatibility.
2023-10-11 21:45:55 +02:00
Simon Goldschmidt
e01c9a9504 dhcp: set LWIP_DHCP_DISCOVER_ADD_HOSTNAME==1 by DEFAULT_ACCEPTMBOX_SIZE
see bug #63457
2023-10-11 21:39:48 +02:00
Simon Goldschmidt
90a440eafd sockets: fix socket leak when using setsockopt/getsockopt hook with LWIP_NETCONN_FULLDUPLEX==1
see bug #63458
2023-10-11 21:23:32 +02:00
Simon Goldschmidt
583f352f60 altcp_mbedtls: don't ignore return value of mbedtls_ssl_flush_output
see bug #64045/task #16283
2023-10-11 21:18:56 +02:00
Simon Goldschmidt
7fd1350802 sockets: fix bug #63898: allow socket option IPV6_CHECKSUM for both IPPROTO_IPV6 and IPPROTO_RAW
See bug #63898
2023-10-10 22:27:03 +02:00
Simon Goldschmidt
c8d9adde0f win32 port: fix linking x64 with pcap 2023-10-10 22:24:29 +02:00
Simon Goldschmidt
e655b41a49 win32 port: allow "edit-and-continue" by disabling /SAFESEH 2023-10-10 21:58:56 +02:00
Simon Goldschmidt
2e650364fa win32 port: fix wrong intermediate directories 2023-10-10 20:43:55 +02:00
Simon Goldschmidt
ab1f582043 httpd: fix bug #64458: When tcp_err() is invoked, tcp_pcb is freed but httpd_post_finished() is not called by httpd.c 2023-10-10 20:40:42 +02:00
Simon Goldschmidt
b5f6720f88 apps/tftp: fix compiling for 64-bit 2023-10-10 20:39:45 +02:00
Simon Goldschmidt
5ec4c1d1f2 ping: fix compiling in dual-stack mode 2023-10-10 20:15:49 +02:00
Simon Goldschmidt
9e2fb2806f unittests: fix compiling in release mode 2023-10-10 20:14:52 +02:00
Simon Goldschmidt
4323e95dce win32 port: add x64 configurations 2023-10-10 20:14:16 +02:00
Simon Goldschmidt
66ef250b8c Fix running IPv6 reassembly unit tests on 64-bit 2023-10-10 19:59:06 +02:00
Simon Goldschmidt
c8f42025ce ipv6 reassembly: fix detecting holes in reassembled packets
Added unit test for reassembly.

See bug #64767
2023-10-10 16:31:16 +02:00
Simon Goldschmidt
16e8ef3145 ipv6: fix ip6_current_header() after reassembly
ip6_current_header() should point to the header before the reassembled data,
not to the first received pbuf (not necessarily the same).

See bug #64031
2023-10-10 16:31:09 +02:00
Simon Goldschmidt
76c7ac5cf9 posixlib: fix posixlib/CMakeLists.txt 2023-10-05 20:30:54 +02:00
Simon Goldschmidt
98e63b6acf apps: http client: improve the HTTP client; ensure connection settings are passed
Without connection settings, the caller is not informed of success vs failure of a transfer.
See bug #63554
2023-10-04 22:26:22 +02:00
Simon Goldschmidt
20f6ac7426 msvc: clean up duplicate use of intermediate directories 2023-10-04 21:42:42 +02:00
Simon Goldschmidt
0627c55c51 ping: fix assert in ping_init() 2023-10-04 21:36:00 +02:00