1 // RUN: %clang_cc1 -analyze -analyzer-checker=core,security.insecureAPI.vfork,unix.Vfork -verify %s
2 // RUN: %clang_cc1 -analyze -analyzer-checker=core,security.insecureAPI.vfork,unix.Vfork -verify -x c++ %s
3 
4 #include "Inputs/system-header-simulator.h"
5 
6 void foo();
7 
8 // Ensure that child process is properly checked.
f1(int x)9 int f1(int x) {
10   pid_t pid = vfork(); // expected-warning{{Call to function 'vfork' is insecure}}
11   if (pid != 0)
12     return 0;
13 
14   switch (x) {
15   case 0:
16     // Ensure that modifying pid is ok.
17     pid = 1; // no-warning
18     // Ensure that calling whitelisted routines is ok.
19     execl("", "", 0); // no-warning
20     _exit(1); // no-warning
21     break;
22   case 1:
23     // Ensure that writing variables is prohibited.
24     x = 0; // expected-warning{{This assignment is prohibited after a successful vfork}}
25     break;
26   case 2:
27     // Ensure that calling functions is prohibited.
28     foo(); // expected-warning{{This function call is prohibited after a successful vfork}}
29     break;
30   default:
31     // Ensure that returning from function is prohibited.
32     return 0; // expected-warning{{Return is prohibited after a successful vfork; call _exit() instead}}
33   }
34 
35   while(1);
36 }
37 
38 // Same as previous but without explicit pid variable.
f2(int x)39 int f2(int x) {
40   pid_t pid = vfork(); // expected-warning{{Call to function 'vfork' is insecure}}
41 
42   switch (x) {
43   case 0:
44     // Ensure that writing pid is ok.
45     pid = 1; // no-warning
46     // Ensure that calling whitelisted routines is ok.
47     execl("", "", 0); // no-warning
48     _exit(1); // no-warning
49     break;
50   case 1:
51     // Ensure that writing variables is prohibited.
52     x = 0; // expected-warning{{This assignment is prohibited after a successful vfork}}
53     break;
54   case 2:
55     // Ensure that calling functions is prohibited.
56     foo(); // expected-warning{{This function call is prohibited after a successful vfork}}
57     break;
58   default:
59     // Ensure that returning from function is prohibited.
60     return 0; // expected-warning{{Return is prohibited after a successful vfork; call _exit() instead}}
61   }
62 
63   while(1);
64 }
65 
66 // Ensure that parent process isn't restricted.
f3(int x)67 int f3(int x) {
68   if (vfork() == 0) // expected-warning{{Call to function 'vfork' is insecure}}
69     _exit(1);
70   x = 0; // no-warning
71   foo(); // no-warning
72   return 0;
73 } // no-warning
74 
75 // Unbound pids are special so test them separately.
f4(int x)76 void f4(int x) {
77   switch (x) {
78   case 0:
79     vfork(); // expected-warning{{Call to function 'vfork' is insecure}}
80     x = 0; // expected-warning{{This assignment is prohibited after a successful vfork}}
81     break;
82 
83   case 1:
84     {
85       char args[2];
86       switch (vfork()) { // expected-warning{{Call to function 'vfork' is insecure}}
87       case 0:
88         args[0] = 0; // expected-warning{{This assignment is prohibited after a successful vfork}}
89         exit(1);
90       }
91       break;
92     }
93 
94   case 2:
95     {
96       pid_t pid;
97       if ((pid = vfork()) == 0) // expected-warning{{Call to function 'vfork' is insecure}}
98         while(1); // no-warning
99       break;
100     }
101   }
102   while(1);
103 } //no-warning
104 
105 
f5()106 void f5() {
107   // See "libxtables: move some code to avoid cautions in vfork man page"
108   // (http://lists.netfilter.org/pipermail/netfilter-buglog/2014-October/003280.html).
109   if (vfork() == 0) { // expected-warning{{Call to function 'vfork' is insecure}}
110     execl("prog", "arg1", 0); // no-warning
111     exit(1);  // expected-warning{{This function call is prohibited after a successful vfork}}
112   }
113 }
114 
115