Add TD7

content/secu_logicielle/td7-analyse_statique_dynamique/files/q1/Makefile

@@ -0,0 +1,22 @@
+CFLAGS=-g -Wall -Wextra -Wno-unused-parameter
+LDLIBS=-lpthread
+C=$(wildcard *.c)
+O=$(C:.c=)
+A=$(C:.c=.asan)
+L=$(C:.c=.lsan)
+U=$(C:.c=.usan)
+T=$(C:.c=.tsan)
+
+all: $O $A $U $T
+
+%.asan: %.c
+	$(CC) -fsanitize=address -fPIC $< -o $@ $(CFLAGS) $(LDLIBS)
+%.lsan: %.c
+	$(CC) -fsanitize=leak -fPIC $< -o $@ $(CFLAGS) $(LDLIBS)
+%.usan: %.c
+	$(CC) -fsanitize=undefined -fPIC $< -o $@ $(CFLAGS) $(LDLIBS)
+%.tsan: %.c
+	$(CC) -fsanitize=thread -fPIC $< -o $@ $(CFLAGS) $(LDLIBS)
+
+clean:
+	rm -f $O $A $L $U $T

content/secu_logicielle/td7-analyse_statique_dynamique/files/q1/getpw.c

@@ -0,0 +1,10 @@
+#define _GNU_SOURCE
+#include <pwd.h>
+#include <stdio.h>
+
+int main(void) {
+	char buf[12];
+	getpw(0, buf);
+	printf("%s\n", buf);
+	return 0;
+}

content/secu_logicielle/td7-analyse_statique_dynamique/files/q1/mktemp.c

@@ -0,0 +1,18 @@
+#include <stdlib.h>
+#include <fcntl.h>
+#include <stdio.h>
+
+int main(void) {
+	char name[] = "/tmp/mytest-XXXXXX";
+	int ret;
+
+	ret = mktemp(name);
+	if (ret < 0)
+		perror("mktemp");
+	ret = open(name, O_RDWR|O_CREAT|O_TRUNC, 0600);
+	if (ret < 0)
+		perror("open");
+	else
+		printf("ok\n");
+	return 0;
+}

content/secu_logicielle/td7-analyse_statique_dynamique/files/q2/Makefile

@@ -0,0 +1,22 @@
+CFLAGS=-g -Wall -Wextra -Wno-unused-parameter
+LDLIBS=-lpthread
+C=$(wildcard *.c)
+O=$(C:.c=)
+A=$(C:.c=.asan)
+L=$(C:.c=.lsan)
+U=$(C:.c=.usan)
+T=$(C:.c=.tsan)
+
+all: $O $A $U $T
+
+%.asan: %.c
+	$(CC) -fsanitize=address -fPIC $< -o $@ $(CFLAGS) $(LDLIBS)
+%.lsan: %.c
+	$(CC) -fsanitize=leak -fPIC $< -o $@ $(CFLAGS) $(LDLIBS)
+%.usan: %.c
+	$(CC) -fsanitize=undefined -fPIC $< -o $@ $(CFLAGS) $(LDLIBS)
+%.tsan: %.c
+	$(CC) -fsanitize=thread -fPIC $< -o $@ $(CFLAGS) $(LDLIBS)
+
+clean:
+	rm -f $O $A $L $U $T

content/secu_logicielle/td7-analyse_statique_dynamique/files/q2/test-leak.c

@@ -0,0 +1,24 @@
+#include <stdlib.h>
+#include <stdio.h>
+
+static char *f(void) {
+	char *c = malloc(10);
+	char *d = malloc(20);
+	c[0] = 0;
+	d[0] = 0;
+	return c;
+}
+
+static void g(void) {
+	char *e = f();
+	printf("%p\n", e);
+}
+
+static void h(void) {
+	g();
+}
+
+int main(void) {
+	h();
+	return 0;
+}

content/secu_logicielle/td7-analyse_statique_dynamique/files/q2/test-reachable-leak.c

@@ -0,0 +1,9 @@
+#include <stdlib.h>
+
+char *c;
+
+int main(void) {
+	c = malloc(10);
+	c[0] = 0;
+	return 0;
+}

content/secu_logicielle/td7-analyse_statique_dynamique/files/q3/Makefile

@@ -0,0 +1,22 @@
+CFLAGS=-g -Wall -Wextra -Wno-unused-parameter
+LDLIBS=-lpthread
+C=$(wildcard *.c)
+O=$(C:.c=)
+A=$(C:.c=.asan)
+L=$(C:.c=.lsan)
+U=$(C:.c=.usan)
+T=$(C:.c=.tsan)
+
+all: $O $A $U $T
+
+%.asan: %.c
+	$(CC) -fsanitize=address -fPIC $< -o $@ $(CFLAGS) $(LDLIBS)
+%.lsan: %.c
+	$(CC) -fsanitize=leak -fPIC $< -o $@ $(CFLAGS) $(LDLIBS)
+%.usan: %.c
+	$(CC) -fsanitize=undefined -fPIC $< -o $@ $(CFLAGS) $(LDLIBS)
+%.tsan: %.c
+	$(CC) -fsanitize=thread -fPIC $< -o $@ $(CFLAGS) $(LDLIBS)
+
+clean:
+	rm -f $O $A $L $U $T

content/secu_logicielle/td7-analyse_statique_dynamique/files/q3/test-uninitialized-printf.c

@@ -0,0 +1,14 @@
+#include <stdlib.h>
+#include <stdio.h>
+
+void f(char foo) {
+	printf("foo is %d\n", foo);
+}
+
+int main(void) {
+	char *c = malloc(10);
+	f(c[0]);
+	free(c);
+
+	return 0;
+}

content/secu_logicielle/td7-analyse_statique_dynamique/files/q3/test-uninitialized.c

@@ -0,0 +1,17 @@
+#include <stdlib.h>
+#include <stdio.h>
+
+void f(char foo) {
+	if (foo == 0)
+		printf("foo is 0\n");
+	else
+		printf("foo is %d\n", foo);
+}
+
+int main(void) {
+	char *c = malloc(10);
+	f(c[0]);
+	free(c);
+
+	return 0;
+}

content/secu_logicielle/td7-analyse_statique_dynamique/files/q4/Makefile

@@ -0,0 +1,36 @@
+CFLAGS=-g -Wall -Wextra -Wno-unused-parameter
+LDLIBS=-lpthread
+C=$(wildcard *.c)
+O=$(C:.c=)
+A=$(C:.c=.asan)
+L=$(C:.c=.lsan)
+U=$(C:.c=.usan)
+T=$(C:.c=.tsan)
+
+
+pframe:
+	curl -o pframe.tgz  https://dept-info.labri.fr/~thibault/SecuLog/pframe.tgz && \
+		tar -xf pframe.tgz &&\
+		rm -rf pframe.tgz
+
+.gdbinit:
+
+configure: pframe .gdbinit
+	$(shell echo "python import pframe" > .gdbinit) 
+all: $O $A $U $T
+
+%.asan: %.c
+	$(CC) -fsanitize=address -fPIC $< -o $@ $(CFLAGS) $(LDLIBS)
+%.lsan: %.c
+	$(CC) -fsanitize=leak -fPIC $< -o $@ $(CFLAGS) $(LDLIBS)
+%.usan: %.c
+	$(CC) -fsanitize=undefined -fPIC $< -o $@ $(CFLAGS) $(LDLIBS)
+%.tsan: %.c
+	$(CC) -fsanitize=thread -fPIC $< -o $@ $(CFLAGS) $(LDLIBS)
+
+PHONY: gdb_% configure
+gdb_%: $(subst gdb_,,%)
+	PYTHONPATH=${PWD}/pframe${PYTHONPATH:+:${PYTHONPATH}} setarch -R gdb $<
+
+clean:
+	rm -f $O $A $L $U $T

content/secu_logicielle/td7-analyse_statique_dynamique/files/q4/test-undefined.c

@@ -0,0 +1,12 @@
+#include <stdio.h>
+#include <limits.h>
+
+int main(void) {
+	int i = INT_MAX;
+
+	i++;
+
+	printf("%d\n", i);
+
+	return 0;
+}

content/secu_logicielle/td7-analyse_statique_dynamique/files/q5/.gdbinit

@@ -0,0 +1 @@
+python import pframe

content/secu_logicielle/td7-analyse_statique_dynamique/files/q5/Makefile

@@ -0,0 +1,38 @@
+CFLAGS=-g -Wall -Wextra -Wno-unused-parameter
+LDLIBS=-lpthread
+C=$(wildcard *.c)
+O=$(C:.c=)
+A=$(C:.c=.asan)
+L=$(C:.c=.lsan)
+U=$(C:.c=.usan)
+T=$(C:.c=.tsan)
+
+pframe:
+	curl -o pframe.tgz  https://dept-info.labri.fr/~thibault/SecuLog/pframe.tgz && \
+		tar -xf pframe.tgz &&\
+		rm -rf pframe.tgz
+
+.gdbinit:
+
+configure: pframe .gdbinit
+	$(shell echo "python import pframe" > .gdbinit) 
+
+all: $O $A $U $T
+
+%.asan: %.c
+	$(CC) -fsanitize=address -fPIC $< -o $@ $(CFLAGS) $(LDLIBS)
+%.lsan: %.c
+	$(CC) -fsanitize=leak -fPIC $< -o $@ $(CFLAGS) $(LDLIBS)
+%.usan: %.c
+	$(CC) -fsanitize=undefined -fPIC $< -o $@ $(CFLAGS) $(LDLIBS)
+%.tsan: %.c
+	$(CC) -fsanitize=thread -fPIC $< -o $@ $(CFLAGS) $(LDLIBS)
+
+PHONY: gdb_% configure
+gdb_%: $(subst gdb_,,%)
+	PYTHONPATH=${PWD}/pframe${PYTHONPATH:+:${PYTHONPATH}} gdb $<
+
+
+PHONY: clean
+clean:
+	rm -f $O $A $L $U $T pframe .gdbinit

content/secu_logicielle/td7-analyse_statique_dynamique/files/q5/pframe/README

@@ -0,0 +1,9 @@
+Once unpacked this to, e.g. $HOME,
+
+- Add this to .bashrc:
+
+export PYTHONPATH=$HOME/pframe${PYTHONPATH:+:${PYTHONPATH}}
+
+- Add this to .gdbinit:
+
+python import pframe

content/secu_logicielle/td7-analyse_statique_dynamique/files/q5/pframe/__init__.py

@@ -0,0 +1 @@
+__all__ = [ "pframe" ]

content/secu_logicielle/td7-analyse_statique_dynamique/files/q5/pframe/pframe.py

@@ -0,0 +1,93 @@
+import gdb
+
+class PrintFrame (gdb.Command):
+
+    def __init__ (self):
+        super (PrintFrame, self).__init__ ("pframe", gdb.COMMAND_STACK)
+
+    def syntax (self):
+        print("Syntax: pframe[/nn][/-mm] where nn is the number of longs to be printed above sp (16 by default) and mm is the number of longs to be printed below sp (0 by default in 32bit, 16 by default in 64bit)")
+
+    def invoke (self, arg, from_tty):
+        try:
+            wordstar = gdb.lookup_type("unsigned long").pointer()
+            wordsize = gdb.lookup_type("unsigned long").sizeof
+
+            nabove = 16
+            if wordsize == 4:
+                nbelow = 0
+            else:
+                nbelow = 16
+
+            if arg:
+                l = arg.split('/')
+                if l[0] != '':
+                    self.syntax()
+                    return
+                for i in l[1:]:
+                    try:
+                        n = int(i)
+                        if n >= 0:
+                            nabove = n
+                        if n < 0:
+                            nbelow = -n
+                    except:
+                        self.syntax()
+                        return
+
+            frame = gdb.selected_frame()
+            sp = frame.read_register('sp')
+            if wordsize == 4:
+                bp = frame.read_register('ebp')
+                ip = frame.read_register('eip')
+            else:
+                bp = frame.read_register('rbp')
+                ip = frame.read_register('rip')
+            last = -nbelow*wordsize-1
+            prevbp = bp.cast(wordstar).dereference()
+
+            if bp >= sp and bp < sp + 512:
+                start = bp - sp + wordsize*8
+            else:
+                start = 0
+            if start < wordsize*nabove:
+                start = wordsize*nabove
+
+            for offset in range(start, last, -wordsize):
+                addr = sp + offset
+                s = '0x{:x}'.format(int(addr))
+
+                if ip >= addr and ip < addr + wordsize:
+                    s += ' ip'
+                else:
+                    s += '   '
+
+                if addr == bp:
+                    s += '   bp'
+                elif bp >= sp and addr == bp + wordsize:
+                    s += ' ret@'
+                elif bp >= sp and addr == bp + 2*wordsize and (prevbp == 0 or addr < prevbp):
+                    s += ' arg1'
+                elif bp >= sp and addr == bp + 3*wordsize and (prevbp == 0 or addr < prevbp):
+                    s += ' arg2'
+                elif bp >= sp and addr == bp + 4*wordsize and (prevbp == 0 or addr < prevbp):
+                    s += ' arg3'
+                elif bp >= sp and addr == bp + 5*wordsize and (prevbp == 0 or addr < prevbp):
+                    s += ' ... '
+                else:
+                    s += '     '
+
+                if addr == sp:
+                    s += ' sp '
+                else:
+                    s += '    '
+
+                val = int(addr.cast(wordstar).dereference())
+                s += ('0x{:0'+str(wordsize*2)+'x}').format(val)
+                print(s)
+
+        except gdb.error:
+            print("Is the program running?")
+
+PrintFrame ()
+

content/secu_logicielle/td7-analyse_statique_dynamique/files/q5/test-overrun-data.c

@@ -0,0 +1,11 @@
+#include <stdlib.h>
+#include <stdio.h>
+
+char c[10];
+
+int main(void) {
+	c[10] = 1;
+	c[-1] = 1;
+
+	return 0;
+}

content/secu_logicielle/td7-analyse_statique_dynamique/files/q5/test-overrun-stack.c

@@ -0,0 +1,10 @@
+#include <stdlib.h>
+#include <stdio.h>
+
+int main(void) {
+	char c[10];
+	c[10] = 1;
+	c[-1] = 1;
+
+	return c[10];
+}

content/secu_logicielle/td7-analyse_statique_dynamique/files/q5/test-overrun.c

@@ -0,0 +1,10 @@
+#include <stdlib.h>
+#include <stdio.h>
+
+int main(void) {
+	char *c = malloc(10);
+	c[10] = 1;
+	free(c);
+
+	return 0;
+}

content/secu_logicielle/td7-analyse_statique_dynamique/files/q8/Makefile

@@ -0,0 +1,22 @@
+CFLAGS=-g -Wall -Wextra -Wno-unused-parameter
+LDLIBS=-lpthread
+C=$(wildcard *.c)
+O=$(C:.c=)
+A=$(C:.c=.asan)
+L=$(C:.c=.lsan)
+U=$(C:.c=.usan)
+T=$(C:.c=.tsan)
+
+all: $O $A $U $T
+
+%.asan: %.c
+	$(CC) -fsanitize=address -fPIC $< -o $@ $(CFLAGS) $(LDLIBS)
+%.lsan: %.c
+	$(CC) -fsanitize=leak -fPIC $< -o $@ $(CFLAGS) $(LDLIBS)
+%.usan: %.c
+	$(CC) -fsanitize=undefined -fPIC $< -o $@ $(CFLAGS) $(LDLIBS)
+%.tsan: %.c
+	$(CC) -fsanitize=thread -fPIC $< -o $@ $(CFLAGS) $(LDLIBS)
+
+clean:
+	rm -f $O $A $L $U $T

content/secu_logicielle/td7-analyse_statique_dynamique/files/q8/test-expr.c

@@ -0,0 +1,11 @@
+#include <stdio.h>
+int main(int argc, char *argv[]) {
+	argc--; // program name is not really an argument
+
+	// Extract bit 0 to check for parity of the number of arguments
+	if ((argc & 1) == 0) {
+		printf("even number of arguments\n");
+	} else {
+		printf("odd number of arguments\n");
+	}
+}

content/secu_logicielle/td7-analyse_statique_dynamique/files/q8/test-expr_fix.c

@@ -0,0 +1,11 @@
+#include <stdio.h>
+int main(int argc, char *argv[]) {
+	argc--; // program name is not really an argument
+
+	// Extract bit 0 to check for parity of the number of arguments
+	if ((argc & 1) == 0) {
+		printf("even number of arguments\n");
+	} else {
+		printf("odd number of arguments\n");
+	}
+}