thesis: Finish 2.9

2025-08-19 11:44:23 +02:00
parent ced069df55
commit 30121e4543
2 changed files with 36 additions and 6 deletions

@@ -338,6 +338,10 @@ Example (\texttt{malloc}): \\
\texttt{return 0x1234; errno 0}, \\ \texttt{return 0x1234; errno 0}, \\
\texttt{return -1; errno ENOMEM}. \texttt{return -1; errno ENOMEM}.
Some libc functions return their results via a pointer which was previously given to them as an argument.
The \texttt{pipe} function is called with an \texttt{int} array of size two as argument and stores its two pipe ends into this array.
The \texttt{read} function is called with a pointer to a buffer and a corresponding size and stores its read data into this buffer.
Example (\texttt{pipe}): \\ Example (\texttt{pipe}): \\
\texttt{return 0; errno 0; fildes=[3,4]}, \\ \texttt{return 0; errno 0; fildes=[3,4]}, \\
\texttt{return -1; errno ENFILE}. \texttt{return -1; errno ENFILE}.
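Review bot: The added paragraph on output arguments does not say what happens to the pointed-to memory when the call fails. The examples list `fildes=[3,4]` only on the successful `pipe` line and omit it on `return -1; errno ENFILE`, so state explicitly that output arguments are only recorded (or only meaningful) for successful returns. Also consider moving the sentence about `read` next to the `read` example, since here it sits before the `pipe` example.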
@@ -346,7 +350,6 @@ Example (\texttt{read}): \\
\texttt{return 12; errno 0; buf=0x7fff70:"Hello World!"}, \\ \texttt{return 12; errno 0; buf=0x7fff70:"Hello World!"}, \\
\texttt{return -1; errno EINTR}. \texttt{return -1; errno EINTR}.
\todo{Explain Examples}
\section{Determining Function Call Location}\label{sec:determining-function-call-location} \section{Determining Function Call Location}\label{sec:determining-function-call-location}
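Review bot: Removing `\todo{Explain Examples}` leaves the notation of the `read` example unexplained: nothing in the visible text says that `buf=0x7fff70:"Hello World!"` means an address followed by the buffer contents, or that the return value 12 is the number of bytes stored there. One sentence after the example would close the TODO properly.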
@@ -558,7 +561,7 @@ Furthermore, it is possible to check various pre- and post-conditions for each f
This is beneficial because many library functions in C rely on these pre- and post-conditions, which are not enforced by the compiler or in any other way. This is beneficial because many library functions in C rely on these pre- and post-conditions, which are not enforced by the compiler or in any other way.
For example, the \texttt{malloc} function has the post-condition that the returned value later needs to be passed to \texttt{free} to avoid memory leaks. For example, the \texttt{malloc} function has the post-condition that the returned value later needs to be passed to \texttt{free} to avoid memory leaks.
The \texttt{free} function, on the other hand, has the pre-condition that the passed value was previously acquired using \texttt{malloc} and may not be yet free'd. The \texttt{free} function, on the other hand, has the pre-condition that the passed value was previously acquired using \texttt{malloc} and may not be yet freed.
Any violation of such pre- and post-conditions may be reported as non-compliant behavior. Any violation of such pre- and post-conditions may be reported as non-compliant behavior.
\cite{malloc.3} \cite{malloc.3}
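Review bot: On the changed line, "may not be yet freed" is still awkward and ambiguous, because "may not" can be read as "might not"; "must not have been freed already" states the pre-condition unambiguously. The same sentence names only `malloc` as a valid source for the pointer, while the description list added later in this commit also lists `calloc` and `realloc` as allocating functions, so the pre-condition should cover those too.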
@@ -568,13 +571,34 @@ Another important post-condition of most library functions is the return value,
However, intercepting of calls alone may not be able to verify if a program really checks the return value of a function and acts accordingly. However, intercepting of calls alone may not be able to verify if a program really checks the return value of a function and acts accordingly.
Chapter~\ref{ch:manipulating-function-calls} shows how this problem may be solved. Chapter~\ref{ch:manipulating-function-calls} shows how this problem may be solved.
\subsection{Validating Memory Management}\label{subsec:testing-memory-management} \subsection{Validating Memory Management}\label{subsec:testing-memory-management}
Lorem Ipsum. The most basic memory management functions in the C standard library are the following.
(malloc, calloc, realloc, free, getaddrinfo, freeaddrinfo).
\begin{description}
\item[\texttt{malloc}, \texttt{calloc}]
Allocate memory. \cite{malloc.3}
\item[\texttt{realloc}, \texttt{reallocarray}]
Change the size of a previously allocated memory block and possibly move the block to another position in virtual memory. \cite{malloc.3}
\item[\texttt{free}]
Free previously allocated memory. \cite{malloc.3}
\item[\texttt{getaddrinfo}]
Allocate and initialize a linked list of \texttt{addrinfo} structures. \cite{getaddrinfo.3}
\item[\texttt{freeaddrinfo}]
Frees memory previously allocated by \texttt{getaddrinfo} for the dynamically allocated linked list. \cite{getaddrinfo.3}
\item[\texttt{getline}, \texttt{getdelim}]
Used to split strings.
Allocate memory on their own, which must be freed afterward. \cite{getline.3}
\end{description}
By only intercepting these functions, it is possible to check if all allocated memory blocks in a simple program were properly allocated and freed.
\subsection{Validating Resource Management}\label{subsec:validating-resource-management} \subsection{Validating Resource Management}\label{subsec:validating-resource-management}
Lorem Ipsum. Besides memory management, the proper use of other resources, most notably file descriptors, may be checked.
(open, close, socket, \dots). Many functions in the C standard library rely on file descriptors.
It may be checked if file descriptors were properly acquired, if only previously acquired file descriptors are used, and if these file descriptors are closed after their use.
Relevant for this work are also semaphores because they do not rely on file descriptor in their API\@.
Due to time restrictions, no detailed list for validating resource management has been put together.
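Review bot: The `getline`, `getdelim` item describes them as "Used to split strings", which does not match what these functions do: they read a line or a delimiter-terminated record from a stream into a buffer that they may allocate or grow. Reword it, since the allocation behaviour is what matters for this subsection. In the resource-management paragraph, "they do not rely on file descriptor in their API" needs the plural "file descriptors", and the sentence should say why that makes semaphores relevant. The closing claim of the memory subsection ("By only intercepting these functions, it is possible to check ...") would be stronger if it said how a block is tracked when `realloc` moves it.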

@@ -37,6 +37,12 @@
@manual{malloc.3, @manual{malloc.3,
title = {malloc(3) -- Library Functions Manual -- Linux manual pages}, title = {malloc(3) -- Library Functions Manual -- Linux manual pages},
} }
@manual{getaddrinfo.3,
title = {getaddrinfo(3) -- Library Functions Manual -- Linux manual pages},
}
@manual{getline.3,
title = {getline(3) -- Library Functions Manual -- Linux manual pages},
}
@book{netsectools2005, @book{netsectools2005,
author = {Dhanjani, Nitesh and Clarke, Justin}, author = {Dhanjani, Nitesh and Clarke, Justin},
title = {Network Security Tools}, title = {Network Security Tools},
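Review bot: The two new `@manual` entries, `getaddrinfo.3` and `getline.3`, carry only a `title` field. Add at least `organization`, `year` and a `url` or man-pages version so that each citation identifies which revision of the manual page was consulted; the existing `malloc.3` entry shown in the context would benefit from the same fields.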