2018-04-04 23:44:29 +02:00
|
|
|
#!/usr/bin/env perl
|
2014-11-12 22:54:24 +01:00
|
|
|
|
|
|
|
# Find functions making recursive calls to themselves.
|
|
|
|
# (Multiple recursion where a() calls b() which calls a() not covered.)
|
|
|
|
#
|
|
|
|
# When the recursion depth might depend on data controlled by the attacker in
|
2021-12-21 06:14:10 +01:00
|
|
|
# an unbounded way, those functions should use iteration instead.
|
2014-11-12 22:54:24 +01:00
|
|
|
#
|
|
|
|
# Typical usage: scripts/recursion.pl library/*.c
|
2020-05-26 00:33:31 +02:00
|
|
|
#
|
2020-08-07 13:07:28 +02:00
|
|
|
# Copyright The Mbed TLS Contributors
|
2023-11-02 20:47:20 +01:00
|
|
|
# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
2014-11-12 22:54:24 +01:00
|
|
|
|
|
|
|
use warnings;
|
|
|
|
use strict;
|
|
|
|
|
|
|
|
use utf8;
|
|
|
|
use open qw(:std utf8);
|
|
|
|
|
|
|
|
# exclude functions that are ok:
|
2015-04-08 12:49:31 +02:00
|
|
|
# - mpi_write_hlp: bounded by size of mbedtls_mpi, a compile-time constant
|
|
|
|
# - x509_crt_verify_child: bounded by MBEDTLS_X509_MAX_INTERMEDIATE_CA
|
2014-11-20 17:30:37 +01:00
|
|
|
my $known_ok = qr/mpi_write_hlp|x509_crt_verify_child/;
|
2014-11-12 22:54:24 +01:00
|
|
|
|
|
|
|
my $cur_name;
|
|
|
|
my $inside;
|
|
|
|
my @funcs;
|
|
|
|
|
|
|
|
die "Usage: $0 file.c [...]\n" unless @ARGV;
|
|
|
|
|
|
|
|
while (<>)
|
|
|
|
{
|
|
|
|
if( /^[^\/#{}\s]/ && ! /\[.*]/ ) {
|
|
|
|
chomp( $cur_name = $_ ) unless $inside;
|
|
|
|
} elsif( /^{/ && $cur_name ) {
|
|
|
|
$inside = 1;
|
|
|
|
$cur_name =~ s/.* ([^ ]*)\(.*/$1/;
|
|
|
|
} elsif( /^}/ && $inside ) {
|
|
|
|
undef $inside;
|
|
|
|
undef $cur_name;
|
|
|
|
} elsif( $inside && /\b\Q$cur_name\E\([^)]/ ) {
|
|
|
|
push @funcs, $cur_name unless /$known_ok/;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
print "$_\n" for @funcs;
|
|
|
|
exit @funcs;
|