mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2024-12-28 06:19:27 +00:00
16799db69a
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
48 lines
1.2 KiB
Perl
Executable File
48 lines
1.2 KiB
Perl
Executable File
#!/usr/bin/env perl
|
|
|
|
# Find functions making recursive calls to themselves.
|
|
# (Multiple recursion where a() calls b() which calls a() not covered.)
|
|
#
|
|
# When the recursion depth might depend on data controlled by the attacker in
|
|
# an unbounded way, those functions should use iteration instead.
|
|
#
|
|
# Typical usage: scripts/recursion.pl library/*.c
|
|
#
|
|
# Copyright The Mbed TLS Contributors
|
|
# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
|
|
|
use warnings;
|
|
use strict;
|
|
|
|
use utf8;
|
|
use open qw(:std utf8);
|
|
|
|
# exclude functions that are ok:
|
|
# - mpi_write_hlp: bounded by size of mbedtls_mpi, a compile-time constant
|
|
# - x509_crt_verify_child: bounded by MBEDTLS_X509_MAX_INTERMEDIATE_CA
|
|
my $known_ok = qr/mpi_write_hlp|x509_crt_verify_child/;
|
|
|
|
my $cur_name;
|
|
my $inside;
|
|
my @funcs;
|
|
|
|
die "Usage: $0 file.c [...]\n" unless @ARGV;
|
|
|
|
while (<>)
|
|
{
|
|
if( /^[^\/#{}\s]/ && ! /\[.*]/ ) {
|
|
chomp( $cur_name = $_ ) unless $inside;
|
|
} elsif( /^{/ && $cur_name ) {
|
|
$inside = 1;
|
|
$cur_name =~ s/.* ([^ ]*)\(.*/$1/;
|
|
} elsif( /^}/ && $inside ) {
|
|
undef $inside;
|
|
undef $cur_name;
|
|
} elsif( $inside && /\b\Q$cur_name\E\([^)]/ ) {
|
|
push @funcs, $cur_name unless /$known_ok/;
|
|
}
|
|
}
|
|
|
|
print "$_\n" for @funcs;
|
|
exit @funcs;
|