From bb7be5393864e729ddfade5f770eee92a38c4a21 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jerry=20Lundstr=C3=B6m?= Date: Fri, 3 Jun 2022 09:10:39 +0200 Subject: [PATCH 01/11] Fix COPR - Fix COPR `make srpm` --- .copr/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/.copr/Makefile b/.copr/Makefile index 29ed0bc..919eb2b 100644 --- a/.copr/Makefile +++ b/.copr/Makefile @@ -15,6 +15,7 @@ $(top)/rpmbuild: mkdir -p "$(top)"/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS} srpm: prereq update-dist-tools + git config --global safe.directory "*" test -f .gitmodules && git submodule update --init || true echo "$(spec)" | grep -q "develop.spec" && auto_build_number=`date --utc +%s` message="Auto build `date --utc --iso-8601=seconds`" "$(top)/dist-tools/spec-new-changelog-entry" || true overwrite=yes nosign=yes "$(top)/dist-tools/create-source-packages" rpm From 25adefa891fb5b232d4231bd34de0817bf54b503 Mon Sep 17 00:00:00 2001 From: LGTM Migrator Date: Mon, 5 Dec 2022 19:11:54 +0000 Subject: [PATCH 02/11] Add CodeQL workflow for GitHub code scanning --- .github/workflows/codeql.yml | 53 ++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100644 .github/workflows/codeql.yml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 0000000..7242397 --- /dev/null +++ b/.github/workflows/codeql.yml 
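Review bot: The added `git config --global safe.directory "*"` in the `srpm` target of `.copr/Makefile` turns off git's repository-ownership check for every path and writes that into the global config of whichever account runs `make srpm`, not only the COPR builder. Limiting the exception to the checkout keeps the protection everywhere else, for example `git config --global --add safe.directory "$(CURDIR)"`, assuming the target is run from the repository root; submodule paths may need their own entries. A comment above the line stating why the exception is needed would also help, e.g. `# the build checkout may be owned by a different user than the one running make`, if that is indeed the reason.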
@@ -0,0 +1,53 @@ +name: "CodeQL" + +on: + push: + branches: [ "develop", "master" ] + pull_request: + branches: [ "develop" ] + schedule: + - cron: "29 20 * * 3" + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + matrix: + language: [ cpp ] + + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Install Packages (cpp) + if: ${{ matrix.language == 'cpp' }} + run: | + sudo apt-get update + sudo apt-get install --yes build-essential automake autoconf libtool pkg-config zlib1g-dev libmaxminddb-dev + + - name: Configure (cpp) + if: ${{ matrix.language == 'cpp' }} + run: | + ./autogen.sh + ./configure + + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: ${{ matrix.language }} + queries: +security-and-quality + + - name: Autobuild + uses: github/codeql-action/autobuild@v2 + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 + with: + category: "/language:${{ matrix.language }}" From 75283ccdb3183a6461281959ce372d258568cec3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jerry=20Lundstr=C3=B6m?= Date: Wed, 16 Aug 2023 11:30:36 +0200 Subject: [PATCH 03/11] Doc - `README`: Mention PowerTools for libpcap-devel - `RefCountString`: Use anonymous array for `data` --- README.md | 2 +- src/refcountstring.h | 6 ++---- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 0de7f5f..a8c29e5 100644 --- a/README.md +++ b/README.md @@ -48,7 +48,7 @@ To install the dependencies under Debian/Ubuntu: apt-get install -y zlib1g-dev libmaxminddb-dev ``` -To install the dependencies under CentOS (with EPEL enabled): +To install the dependencies under CentOS (with EPEL/PowerTools enabled): ``` yum install -y zlib-devel libmaxminddb-devel ``` diff --git a/src/refcountstring.h b/src/refcountstring.h index 2a80024..193385e 100644 --- a/src/refcountstring.h +++ b/src/refcountstring.h 
@@ -33,7 +33,7 @@ struct RefCountString { // data int count; - char data[sizeof(int)]; // this is a dummy, actual array will be larger + char data[]; // implementation void inc_refcount() @@ -50,9 +50,7 @@ struct RefCountString { static RefCountString* allocate(int data_length) { - std::size_t size = sizeof(RefCountString) - sizeof(char[sizeof(int)]) + data_length * sizeof(char); - - void* chunk = std::calloc(1, size); + void* chunk = std::calloc(1, sizeof(RefCountString) + data_length); if (!chunk) throw std::bad_alloc(); From d4e93ecd5d1911c4b92ec34682faee82d50f3a39 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jerry=20Lundstr=C3=B6m?= Date: Wed, 24 Apr 2024 15:49:50 +0200 Subject: [PATCH 04/11] Workflow - Update GitHub workflow - `src/sql`: disable unused code --- .github/workflows/codeql.yml | 8 ++++---- src/sql.cpp | 6 +++--- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 7242397..db944a8 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -24,7 +24,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Install Packages (cpp) if: ${{ matrix.language == 'cpp' }} @@ -39,15 +39,15 @@ jobs: ./configure - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@v3 with: languages: ${{ matrix.language }} queries: +security-and-quality - name: Autobuild - uses: github/codeql-action/autobuild@v2 + uses: github/codeql-action/autobuild@v3 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@v3 with: category: "/language:${{ matrix.language }}" diff --git a/src/sql.cpp b/src/sql.cpp index 24f8dbd..987ffbe 100644 --- a/src/sql.cpp +++ b/src/sql.cpp 
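Review bot: In `RefCountString::allocate`, `sizeof(RefCountString) + data_length` mixes `std::size_t` with the signed `int data_length`, so a negative length converts to a very large unsigned value and the sum can wrap to fewer bytes than the header itself, after which `calloc` succeeds on an undersized chunk. A guard before the allocation closes that, `if (data_length < 0) throw std::bad_alloc();`, and an explicit `static_cast<std::size_t>(data_length)` makes the conversion visible. Separately, `char data[];` in the first hunk is a flexible array member, which is a compiler extension in C++ rather than standard; a comment such as `// flexible array member (compiler extension); storage is sized in allocate()` would replace the explanation the removed line carried. The body of `allocate` continues outside the hunk.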
@@ -415,13 +415,13 @@ class Per_sort { } Tlink* p = result.m_fl[0]; it = m_table.m_rows.begin(); - int cnt = 0; + // int cnt = 0; while (p) { *it++ = p->row; - cnt++; + // cnt++; Tlink* e = p->get_eq(); while (e) { - cnt++; + // cnt++; *it++ = e->row; e = e->get_eq(); } From 1ff69dfee32d2f6c7dd6f6b43d6d022634ab28b8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jerry=20Lundstr=C3=B6m?= Date: Fri, 23 Aug 2024 10:04:00 +0200 Subject: [PATCH 05/11] Badges - Update badges - `configure`: Disable warnings about VLA --- README.md | 2 +- configure.ac | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index a8c29e5..cc7dbbb 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # PacketQ -[![Total alerts](https://img.shields.io/lgtm/alerts/g/DNS-OARC/PacketQ.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/DNS-OARC/PacketQ/alerts/) [![Bugs](https://sonarcloud.io/api/project_badges/measure?project=dns-oarc%3APacketQ&metric=bugs)](https://sonarcloud.io/dashboard?id=dns-oarc%3APacketQ) [![Security Rating](https://sonarcloud.io/api/project_badges/measure?project=dns-oarc%3APacketQ&metric=security_rating)](https://sonarcloud.io/dashboard?id=dns-oarc%3APacketQ) +[![Bugs](https://sonarcloud.io/api/project_badges/measure?project=dns-oarc%3APacketQ&metric=bugs)](https://sonarcloud.io/summary/new_code?id=dns-oarc%3APacketQ) [![Security Rating](https://sonarcloud.io/api/project_badges/measure?project=dns-oarc%3APacketQ&metric=security_rating)](https://sonarcloud.io/summary/new_code?id=dns-oarc%3APacketQ) `packetq` is a command line tool to run SQL queries directly on PCAP files, the results can be outputted as JSON (default), formatted/compact CSV and XML. diff --git a/configure.ac b/configure.ac index 2dd7151..20f0f67 100644 --- a/configure.ac +++ b/configure.ac 
@@ -27,7 +27,10 @@ AC_CONFIG_HEADER([src/config.h]) AC_PROG_CXX # Check --enable-warn-all -AC_ARG_ENABLE([warn-all], [AS_HELP_STRING([--enable-warn-all], [Enable all compiler warnings])], [AX_CXXFLAGS_WARN_ALL()]) +AC_ARG_ENABLE([warn-all], [AS_HELP_STRING([--enable-warn-all], [Enable all compiler warnings])], [ + AX_CXXFLAGS_WARN_ALL() + AS_VAR_APPEND(CXXFLAGS, [" -Wno-vla"]) +]) # Check --with-extra-cxxflags AC_ARG_WITH([extra-cxxflags], [AS_HELP_STRING([--with-extra-cxxflags=CXXFLAGS], [Add extra CXXFLAGS])], [ From 3283c433dbe000a9cb5d2aac7cb03b0b339d0778 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jerry=20Lundstr=C3=B6m?= Date: Thu, 29 Aug 2024 10:14:45 +0200 Subject: [PATCH 06/11] Heap overflow - `sql`: Fix heap overflow [[sonarcloud](https://sonarcloud.io/project/issues?open=AZF-b0jIXv-Y5-GmvUlN&id=dns-oarc%3APacketQ)] --- src/sql.cpp | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/sql.cpp b/src/sql.cpp index 987ffbe..a2d3c3f 100644 --- a/src/sql.cpp +++ b/src/sql.cpp @@ -891,8 +891,9 @@ void Table::csv(bool format) printf("%s", csv_qoute_string(m_cols[i]->m_name).c_str()); if (i < cols - 1) { - if (format) { - printf("%s,", &tmp[csv_qoute_string(m_cols[i]->m_name).length() + max - col_len[i] + 1]); + size_t pos = csv_qoute_string(m_cols[i]->m_name).length() + max - col_len[i] + 1; + if (format && pos < max) { + printf("%s,", &tmp[pos]); } else { printf(","); } From 6771f3a7fdbb3d8ab0b569d909e7a8265522a2c3 Mon Sep 17 00:00:00 2001 
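Review bot: Appending ` -Wno-vla` under `--enable-warn-all` in `configure.ac` hides every variable-length-array diagnostic rather than only the ones that were looked at, and a VLA whose size comes from parsed input is a stack-exhaustion risk that this flag keeps out of sight. If the warnings come from a known set of places, converting those arrays to `std::vector` or a bounded fixed-size buffer and leaving the warning on is the safer route. If the suppression has to stay, a comment above `AS_VAR_APPEND` would document the debt, e.g. `# VLAs remain in <FILE>; drop -Wno-vla once they are converted`. Whether any existing VLA takes its size from packet or query data cannot be seen from this hunk.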
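Review bot: The new guard `pos < max` in `Table::csv` only prevents the out-of-bounds read if `tmp` holds at least `max` characters plus a terminator, and the declarations of `tmp`, `max` and `col_len` are outside this hunk, so that relationship should be verified and stated in a comment next to the guard. Because `pos` is a `size_t`, the subtraction wraps to a very large value when `col_len[i]` exceeds the other terms and the guard rejects it; that works but deserves a note such as `// pos wraps when col_len[i] is too large; the bound check covers that case too`. When the guard fails the column is printed without padding, which suggests `col_len[i]` and the quoted name length can disagree; that looks like the underlying cause and may need its own fix. `csv_qoute_string(m_cols[i]->m_name)` is also evaluated twice per column and could be kept in one local.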
From: =?UTF-8?q?Jerry=20Lundstr=C3=B6m?= Date: Thu, 29 Aug 2024 10:32:17 +0200 Subject: [PATCH 07/11] Copyright - Update copyright - Fix typo in `debian/copyright` --- Makefile.am | 2 +- README.md | 2 +- autogen.sh | 2 +- configure.ac | 2 +- debian/copyright | 10 +++------- src/Makefile.am | 2 +- src/dns.cpp | 2 +- src/dns.h | 2 +- src/icmp.cpp | 2 +- src/icmp.h | 2 +- src/output.h | 2 +- src/packet_handler.cpp | 2 +- src/packet_handler.h | 2 +- src/packetq.cpp | 2 +- src/packetq.h | 2 +- src/pcap.cpp | 2 +- src/pcap.h | 2 +- src/reader.cpp | 2 +- src/reader.h | 2 +- src/refcountstring.h | 2 +- src/regression-test.sh | 2 +- src/segzip.h | 2 +- src/server.cpp | 2 +- src/server.h | 2 +- src/sql.cpp | 2 +- src/sql.h | 2 +- src/tcp.cpp | 2 +- src/tcp.h | 2 +- src/test/Makefile.am | 2 +- src/test/test1.sh | 2 +- src/test/test2.sh | 2 +- src/test/test3.sh | 2 +- src/test/test4.sh | 2 +- src/test/test5.sh | 2 +- src/test/test6.sh | 2 +- src/test/test7.sh | 2 +- src/variant.h | 2 +- 37 files changed, 39 insertions(+), 43 deletions(-) diff --git a/Makefile.am b/Makefile.am index fd03ad5..1eec14a 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,4 +1,4 @@ -# Copyright (c) 2017-2022, OARC, Inc. +# Copyright (c) 2017-2024 OARC, Inc. # Copyright (c) 2011-2017, IIS - The Internet Foundation in Sweden # All rights reserved. # diff --git a/README.md b/README.md index cc7dbbb..d5e5ee1 100644 --- a/README.md +++ b/README.md @@ -113,7 +113,7 @@ See also the [full list of contributors](https://github.com/DNS-OARC/PacketQ/gra ## Copyright -Copyright (c) 2017-2022, OARC, Inc. +Copyright (c) 2017-2024 OARC, Inc. Copyright (c) 2011-2017, IIS - The Internet Foundation in Sweden diff --git a/autogen.sh b/autogen.sh index f1f0091..3ab30f4 100755 --- a/autogen.sh +++ b/autogen.sh @@ -1,6 +1,6 @@ #!/bin/sh -e # -# Copyright (c) 2017-2022, OARC, Inc. +# Copyright (c) 2017-2024 OARC, Inc. # Copyright (c) 2011-2017, IIS - The Internet Foundation in Sweden # All rights reserved. # 
diff --git a/configure.ac b/configure.ac index 20f0f67..480f2d3 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# Copyright (c) 2017-2022, OARC, Inc. +# Copyright (c) 2017-2024 OARC, Inc. # Copyright (c) 2011-2017, IIS - The Internet Foundation in Sweden # All rights reserved. # diff --git a/debian/copyright b/debian/copyright index cec0dc9..ab4ecb2 100644 --- a/debian/copyright +++ b/debian/copyright @@ -1,16 +1,12 @@ Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ -Upstream-Name: drool -Source: https://github.com/DNS-OARC/drool +Upstream-Name: PacketQ +Source: https://github.com/DNS-OARC/PacketQ Files: * -Copyright: 2017-2022, OARC, Inc. +Copyright: 2017-2024 OARC, Inc. 2011-2017, IIS - The Internet Foundation in Sweden License: GPLv3 -Files: debian/* -Copyright: 2022 Jerry Lundström -License: GPLv3 - Files: src/Murmur/MurmurHash3.* Copyright: Austin Appleby License: Public Domain diff --git a/src/Makefile.am b/src/Makefile.am index 4ed7245..1b33a20 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,4 +1,4 @@ -# Copyright (c) 2017-2022, OARC, Inc. +# Copyright (c) 2017-2024 OARC, Inc. # Copyright (c) 2011-2017, IIS - The Internet Foundation in Sweden # All rights reserved. # diff --git a/src/dns.cpp b/src/dns.cpp index e1d88bf..24ebca1 100644 --- a/src/dns.cpp +++ b/src/dns.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017-2022, OARC, Inc. + * Copyright (c) 2017-2024 OARC, Inc. * Copyright (c) 2011-2017, IIS - The Internet Foundation in Sweden * All rights reserved. * diff --git a/src/dns.h b/src/dns.h index 1dc4401..0afd281 100644 --- a/src/dns.h +++ b/src/dns.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017-2022, OARC, Inc. + * Copyright (c) 2017-2024 OARC, Inc. * Copyright (c) 2011-2017, IIS - The Internet Foundation in Sweden * All rights reserved. * diff --git a/src/icmp.cpp b/src/icmp.cpp index 06cccfa..108d66d 100644 --- a/src/icmp.cpp +++ b/src/icmp.cpp 
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2017-2022, OARC, Inc. + * Copyright (c) 2017-2024 OARC, Inc. * Copyright (c) 2011-2017, IIS - The Internet Foundation in Sweden * All rights reserved. * diff --git a/src/icmp.h b/src/icmp.h index dfe076f..0528849 100644 --- a/src/icmp.h +++ b/src/icmp.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017-2022, OARC, Inc. + * Copyright (c) 2017-2024 OARC, Inc. * Copyright (c) 2011-2017, IIS - The Internet Foundation in Sweden * All rights reserved. * diff --git a/src/output.h b/src/output.h index bc63e65..ca526de 100644 --- a/src/output.h +++ b/src/output.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017-2022, OARC, Inc. + * Copyright (c) 2017-2024 OARC, Inc. * Copyright (c) 2011-2017, IIS - The Internet Foundation in Sweden * All rights reserved. * diff --git a/src/packet_handler.cpp b/src/packet_handler.cpp index d35e74b..df21e9f 100644 --- a/src/packet_handler.cpp +++ b/src/packet_handler.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017-2022, OARC, Inc. + * Copyright (c) 2017-2024 OARC, Inc. * Copyright (c) 2011-2017, IIS - The Internet Foundation in Sweden * All rights reserved. * diff --git a/src/packet_handler.h b/src/packet_handler.h index da708c5..7e966d4 100644 --- a/src/packet_handler.h +++ b/src/packet_handler.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017-2022, OARC, Inc. + * Copyright (c) 2017-2024 OARC, Inc. * Copyright (c) 2011-2017, IIS - The Internet Foundation in Sweden * All rights reserved. * diff --git a/src/packetq.cpp b/src/packetq.cpp index 2da72cd..6a6cd67 100644 --- a/src/packetq.cpp +++ b/src/packetq.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017-2022, OARC, Inc. + * Copyright (c) 2017-2024 OARC, Inc. * Copyright (c) 2011-2017, IIS - The Internet Foundation in Sweden * All rights reserved. * diff --git a/src/packetq.h b/src/packetq.h index 2c68339..8ee9841 100644 --- a/src/packetq.h +++ b/src/packetq.h 
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2017-2022, OARC, Inc. + * Copyright (c) 2017-2024 OARC, Inc. * Copyright (c) 2011-2017, IIS - The Internet Foundation in Sweden * All rights reserved. * diff --git a/src/pcap.cpp b/src/pcap.cpp index 4e4bbc3..0a39487 100644 --- a/src/pcap.cpp +++ b/src/pcap.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017-2022, OARC, Inc. + * Copyright (c) 2017-2024 OARC, Inc. * Copyright (c) 2011-2017, IIS - The Internet Foundation in Sweden * All rights reserved. * diff --git a/src/pcap.h b/src/pcap.h index a5b346c..2c40035 100644 --- a/src/pcap.h +++ b/src/pcap.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017-2022, OARC, Inc. + * Copyright (c) 2017-2024 OARC, Inc. * Copyright (c) 2011-2017, IIS - The Internet Foundation in Sweden * All rights reserved. * diff --git a/src/reader.cpp b/src/reader.cpp index c3e73fd..dae5376 100644 --- a/src/reader.cpp +++ b/src/reader.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017-2022, OARC, Inc. + * Copyright (c) 2017-2024 OARC, Inc. * Copyright (c) 2011-2017, IIS - The Internet Foundation in Sweden * All rights reserved. * diff --git a/src/reader.h b/src/reader.h index 9581bb1..fb65833 100644 --- a/src/reader.h +++ b/src/reader.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017-2022, OARC, Inc. + * Copyright (c) 2017-2024 OARC, Inc. * Copyright (c) 2011-2017, IIS - The Internet Foundation in Sweden * All rights reserved. * diff --git a/src/refcountstring.h b/src/refcountstring.h index 193385e..f91a4a0 100644 --- a/src/refcountstring.h +++ b/src/refcountstring.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017-2022, OARC, Inc. + * Copyright (c) 2017-2024 OARC, Inc. * Copyright (c) 2011-2017, IIS - The Internet Foundation in Sweden * All rights reserved. * diff --git a/src/regression-test.sh b/src/regression-test.sh index 51187d0..9d25736 100755 --- a/src/regression-test.sh +++ b/src/regression-test.sh 
@@ -1,4 +1,4 @@ -# Copyright (c) 2017-2022, OARC, Inc. +# Copyright (c) 2017-2024 OARC, Inc. # Copyright (c) 2011-2017, IIS - The Internet Foundation in Sweden # All rights reserved. # diff --git a/src/segzip.h b/src/segzip.h index 653d9fc..14b28e4 100644 --- a/src/segzip.h +++ b/src/segzip.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017-2022, OARC, Inc. + * Copyright (c) 2017-2024 OARC, Inc. * Copyright (c) 2011-2017, IIS - The Internet Foundation in Sweden * All rights reserved. * diff --git a/src/server.cpp b/src/server.cpp index 97501fe..9b10fca 100644 --- a/src/server.cpp +++ b/src/server.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017-2022, OARC, Inc. + * Copyright (c) 2017-2024 OARC, Inc. * Copyright (c) 2011-2017, IIS - The Internet Foundation in Sweden * All rights reserved. * diff --git a/src/server.h b/src/server.h index f3e8498..ed14fee 100644 --- a/src/server.h +++ b/src/server.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017-2022, OARC, Inc. + * Copyright (c) 2017-2024 OARC, Inc. * Copyright (c) 2011-2017, IIS - The Internet Foundation in Sweden * All rights reserved. * diff --git a/src/sql.cpp b/src/sql.cpp index a2d3c3f..364d204 100644 --- a/src/sql.cpp +++ b/src/sql.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017-2022, OARC, Inc. + * Copyright (c) 2017-2024 OARC, Inc. * Copyright (c) 2011-2017, IIS - The Internet Foundation in Sweden * All rights reserved. * diff --git a/src/sql.h b/src/sql.h index e4f9eaa..4f0c318 100644 --- a/src/sql.h +++ b/src/sql.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017-2022, OARC, Inc. + * Copyright (c) 2017-2024 OARC, Inc. * Copyright (c) 2011-2017, IIS - The Internet Foundation in Sweden * All rights reserved. * diff --git a/src/tcp.cpp b/src/tcp.cpp index e3ba3ae..c10ff75 100644 --- a/src/tcp.cpp +++ b/src/tcp.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017-2022, OARC, Inc. + * Copyright (c) 2017-2024 OARC, Inc. * Copyright (c) 2011-2017, IIS - The Internet Foundation in Sweden * All rights reserved. * 
diff --git a/src/tcp.h b/src/tcp.h index 25ac77a..48a2a2d 100644 --- a/src/tcp.h +++ b/src/tcp.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017-2022, OARC, Inc. + * Copyright (c) 2017-2024 OARC, Inc. * Copyright (c) 2011-2017, IIS - The Internet Foundation in Sweden * All rights reserved. * diff --git a/src/test/Makefile.am b/src/test/Makefile.am index 40a87b4..eb40c2c 100644 --- a/src/test/Makefile.am +++ b/src/test/Makefile.am @@ -1,4 +1,4 @@ -# Copyright (c) 2017-2022, OARC, Inc. +# Copyright (c) 2017-2024 OARC, Inc. # Copyright (c) 2011-2017, IIS - The Internet Foundation in Sweden # All rights reserved. # diff --git a/src/test/test1.sh b/src/test/test1.sh index 305e3ae..83e6779 100755 --- a/src/test/test1.sh +++ b/src/test/test1.sh @@ -1,5 +1,5 @@ #!/bin/sh -e -# Copyright (c) 2017-2022, OARC, Inc. +# Copyright (c) 2017-2024 OARC, Inc. # Copyright (c) 2011-2017, IIS - The Internet Foundation in Sweden # All rights reserved. # diff --git a/src/test/test2.sh b/src/test/test2.sh index 84210e0..c443ec1 100755 --- a/src/test/test2.sh +++ b/src/test/test2.sh @@ -1,5 +1,5 @@ #!/bin/sh -e -# Copyright (c) 2017-2022, OARC, Inc. +# Copyright (c) 2017-2024 OARC, Inc. # Copyright (c) 2011-2017, IIS - The Internet Foundation in Sweden # All rights reserved. # diff --git a/src/test/test3.sh b/src/test/test3.sh index f1f0562..528845d 100755 --- a/src/test/test3.sh +++ b/src/test/test3.sh @@ -1,5 +1,5 @@ #!/bin/sh -e -# Copyright (c) 2017-2022, OARC, Inc. +# Copyright (c) 2017-2024 OARC, Inc. # Copyright (c) 2011-2017, IIS - The Internet Foundation in Sweden # All rights reserved. # diff --git a/src/test/test4.sh b/src/test/test4.sh index 84b458f..0747e73 100755 --- a/src/test/test4.sh +++ b/src/test/test4.sh @@ -1,5 +1,5 @@ #!/bin/sh -e -# Copyright (c) 2017-2022, OARC, Inc. +# Copyright (c) 2017-2024 OARC, Inc. # Copyright (c) 2011-2017, IIS - The Internet Foundation in Sweden # All rights reserved. # 
diff --git a/src/test/test5.sh b/src/test/test5.sh index 979b6dc..42ce265 100755 --- a/src/test/test5.sh +++ b/src/test/test5.sh @@ -1,5 +1,5 @@ #!/bin/sh -e -# Copyright (c) 2017-2022, OARC, Inc. +# Copyright (c) 2017-2024 OARC, Inc. # Copyright (c) 2011-2017, IIS - The Internet Foundation in Sweden # All rights reserved. # diff --git a/src/test/test6.sh b/src/test/test6.sh index 96b41f1..9846b36 100755 --- a/src/test/test6.sh +++ b/src/test/test6.sh @@ -1,5 +1,5 @@ #!/bin/sh -e -# Copyright (c) 2017-2022, OARC, Inc. +# Copyright (c) 2017-2024 OARC, Inc. # Copyright (c) 2011-2017, IIS - The Internet Foundation in Sweden # All rights reserved. # diff --git a/src/test/test7.sh b/src/test/test7.sh index 79ef965..6433aab 100755 --- a/src/test/test7.sh +++ b/src/test/test7.sh @@ -1,5 +1,5 @@ #!/bin/sh -e -# Copyright (c) 2017-2022, OARC, Inc. +# Copyright (c) 2017-2024 OARC, Inc. # Copyright (c) 2011-2017, IIS - The Internet Foundation in Sweden # All rights reserved. # diff --git a/src/variant.h b/src/variant.h index 6142392..7c20e04 100644 --- a/src/variant.h +++ b/src/variant.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017-2022, OARC, Inc. + * Copyright (c) 2017-2024 OARC, Inc. * Copyright (c) 2011-2017, IIS - The Internet Foundation in Sweden * All rights reserved. * From 622423406d25305d01f920f43f199205319b54c0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jerry=20Lundstr=C3=B6m?= Date: Thu, 29 Aug 2024 11:03:48 +0200 Subject: [PATCH 08/11] CodeQL fixes - Fix CodeQL issues: - https://github.com/DNS-OARC/PacketQ/security/code-scanning/35 - https://github.com/DNS-OARC/PacketQ/security/code-scanning/37 - https://github.com/DNS-OARC/PacketQ/security/code-scanning/38 - https://github.com/DNS-OARC/PacketQ/security/code-scanning/39 - https://github.com/DNS-OARC/PacketQ/security/code-scanning/40 --- src/pcap.h | 2 +- src/server.cpp | 4 ++-- src/sql.cpp | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/pcap.h b/src/pcap.h index 2c40035..ab09938 100644 
--- a/src/pcap.h +++ b/src/pcap.h @@ -178,7 +178,7 @@ class Pcap_file { m_packetbuffer = 0; } m_packetbuffer_len = len + 4096; - m_packetbuffer = new unsigned char[m_packetbuffer_len]; + m_packetbuffer = new(std::nothrow) unsigned char[m_packetbuffer_len]; if (!m_packetbuffer) m_packetbuffer_len = 0; } diff --git a/src/server.cpp b/src/server.cpp index 9b10fca..9959871 100644 --- a/src/server.cpp +++ b/src/server.cpp @@ -66,7 +66,7 @@ namespace httpd { "Content-Type: %s\r\n" "\r\n"; - Server* g_server = 0; + static Server* g_server = 0; class SocketPool { public: @@ -1165,7 +1165,7 @@ void start_server(int port, bool fork_me, const std::string& pcaproot, const std if (cnt < max_conn) { int c = server.get_connection(); if (c > -1) { - Http_socket* s = new Http_socket(c); + Http_socket* s = new(std::nothrow) Http_socket(c); if (s && s->failed()) { syslog(LOG_ERR | LOG_USER, "failed to create socket"); delete s; diff --git a/src/sql.cpp b/src/sql.cpp index 364d204..8477fbd 100644 --- a/src/sql.cpp +++ b/src/sql.cpp @@ -2556,7 +2556,7 @@ Cc_func::Cc_func(const OP& op) } } - MMDB_s* mmdb = new MMDB_s; + MMDB_s* mmdb = new(std::nothrow) MMDB_s; if (!mmdb) { return; } @@ -2648,7 +2648,7 @@ Asn_func::Asn_func(const OP& op) } } - MMDB_s* mmdb = new MMDB_s; + MMDB_s* mmdb = new(std::nothrow) MMDB_s; if (!mmdb) { return; } From 1dfd47b659ce3befc7c50bbef7d7a690aef8aee6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jerry=20Lundstr=C3=B6m?= Date: Thu, 29 Aug 2024 11:19:55 +0200 Subject: [PATCH 09/11] CodeQL, code format - Fix CodeQL issue https://github.com/DNS-OARC/PacketQ/security/code-scanning/5 - Format code --- src/packetq.cpp | 2 +- src/pcap.h | 2 +- src/server.cpp | 4 ++-- src/sql.cpp | 7 +++---- src/sql.h | 2 +- src/tcp.cpp | 8 ++++---- 6 files changed, 12 insertions(+), 13 deletions(-) diff --git a/src/packetq.cpp b/src/packetq.cpp index 6a6cd67..3a56fd5 100644 --- a/src/packetq.cpp +++ b/src/packetq.cpp 
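Review bot: In the `Pcap_file` buffer hunk of `src/pcap.h`, `m_packetbuffer_len = len + 4096` is assigned before the `new (std::nothrow)` call with no upper bound on `len` visible, so a very large `len` either wraps the sum (depending on the types, which are declared outside the hunk) or requests an enormous allocation. If `len` is taken from a capture record header, rejecting values above a project-chosen limit such as `<MAX_PACKET_LEN>` before the addition would be the safer order. The nothrow form also needs `<new>` to be included by this header, and that include is not visible here. The enclosing function starts and ends outside the hunk.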
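Review bot: In `start_server` in `src/server.cpp`, when `new (std::nothrow) Http_socket(c)` returns null the condition `if (s && s->failed())` is skipped and nothing in the visible lines closes the accepted descriptor `c`, so an out-of-memory condition would leak one descriptor per accepted connection. Handling the null case explicitly avoids that, e.g. `if (!s) { syslog(LOG_ERR | LOG_USER, "out of memory"); close(c); }`, provided `c` is a plain socket descriptor as `get_connection()` suggests. The rest of the branch lies outside the hunk, so this may already be handled further down.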
@@ -139,7 +139,7 @@ int getopt_long(int argc, char* argv[], const char* str, option* opt, int* optio void sigproc(int sig) { - //ignore sig pipe + // ignore sig pipe signal(SIGPIPE, sigproc); } diff --git a/src/pcap.h b/src/pcap.h index ab09938..26bef6a 100644 --- a/src/pcap.h +++ b/src/pcap.h @@ -178,7 +178,7 @@ class Pcap_file { m_packetbuffer = 0; } m_packetbuffer_len = len + 4096; - m_packetbuffer = new(std::nothrow) unsigned char[m_packetbuffer_len]; + m_packetbuffer = new (std::nothrow) unsigned char[m_packetbuffer_len]; if (!m_packetbuffer) m_packetbuffer_len = 0; } diff --git a/src/server.cpp b/src/server.cpp index 9959871..96e14d3 100644 --- a/src/server.cpp +++ b/src/server.cpp @@ -230,7 +230,7 @@ namespace httpd { } void process(bool read) { - //m_serv means this is a listening socket + // m_serv means this is a listening socket if (m_serv) return; if (!read) { @@ -1165,7 +1165,7 @@ void start_server(int port, bool fork_me, const std::string& pcaproot, const std if (cnt < max_conn) { int c = server.get_connection(); if (c > -1) { - Http_socket* s = new(std::nothrow) Http_socket(c); + Http_socket* s = new (std::nothrow) Http_socket(c); if (s && s->failed()) { syslog(LOG_ERR | LOG_USER, "failed to create socket"); delete s; diff --git a/src/sql.cpp b/src/sql.cpp index 8477fbd..25fe0c5 100644 --- a/src/sql.cpp +++ b/src/sql.cpp @@ -531,8 +531,7 @@ void Table::merge_sort(Ordering_terms& order) if (p2 + l2 > table_size) l2 = table_size - p2; - int i = start; - + i = start; while (cnt-- > 0) { if (l1 <= 0) { d[i++] = s[p2++]; @@ -2556,7 +2555,7 @@ Cc_func::Cc_func(const OP& op) } } - MMDB_s* mmdb = new(std::nothrow) MMDB_s; + MMDB_s* mmdb = new (std::nothrow) MMDB_s; if (!mmdb) { return; } @@ -2648,7 +2647,7 @@ Asn_func::Asn_func(const OP& op) } } - MMDB_s* mmdb = new(std::nothrow) MMDB_s; + MMDB_s* mmdb = new (std::nothrow) MMDB_s; if (!mmdb) { return; } diff --git a/src/sql.h b/src/sql.h index 4f0c318..98bb9ff 100644 --- a/src/sql.h +++ b/src/sql.h 
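Review bot: In the `Table::merge_sort` hunk of `src/sql.cpp`, replacing `int i = start;` with `i = start;` silences the shadowing finding by writing to the outer `i`, which changes behaviour if that outer variable is still read after this block; its declaration and later uses are outside the hunk. Giving the inner index its own name keeps the previous semantics and clears the finding as well, for example `int out = start;` with `d[out++]` in the loop below. If reusing the outer `i` is intended, a short comment saying it is no longer needed at this point would settle the question.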
@@ -668,7 +668,7 @@ class OP : public Token { } m_name += ")"; } - //m_name+=")"; + // m_name+=")"; return m_name.c_str(); } Coltype::Type ret_type() { return m_t; } diff --git a/src/tcp.cpp b/src/tcp.cpp index c10ff75..09ec9a7 100644 --- a/src/tcp.cpp +++ b/src/tcp.cpp @@ -130,8 +130,8 @@ class Stream { } /// add a datasegment to the stream /** If the segment has the expected sequence number - * the segment will be added to the list - */ + * the segment will be added to the list + */ void add(bool syn, unsigned int seq, Data_segment& s) { m_content = true; @@ -183,8 +183,8 @@ class Stream { } /// returns the data in the stream /** The returned data is located in a static buffer shared by all streams - * the data is valid until the next call to get_buffer() - */ + * the data is valid until the next call to get_buffer() + */ unsigned char* get_buffer() { int p = 0; From 68b538543d7c1f2424f9bdfdd75b3f302f27eac6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jerry=20Lundstr=C3=B6m?= Date: Thu, 29 Aug 2024 13:40:59 +0200 Subject: [PATCH 10/11] Cleanup - Remove code that's disabled and/or commented out --- src/sql.cpp | 11 +---------- src/sql.h | 1 - 2 files changed, 1 insertion(+), 11 deletions(-) diff --git a/src/sql.cpp b/src/sql.cpp index 25fe0c5..94ad7ed 100644 --- a/src/sql.cpp +++ b/src/sql.cpp @@ -415,24 +415,15 @@ class Per_sort { } Tlink* p = result.m_fl[0]; it = m_table.m_rows.begin(); - // int cnt = 0; while (p) { - *it++ = p->row; - // cnt++; + *it++ = p->row; Tlink* e = p->get_eq(); while (e) { - // cnt++; *it++ = e->row; e = e->get_eq(); } p = p->m_next; }; - // CID 1436254 Dereference after null check - // Code disabled, it makes no sense - // if(cnt != table_size) - // { - // p++; - // } delete[] links; } diff --git a/src/sql.h b/src/sql.h index 98bb9ff..bcd9a80 100644 --- a/src/sql.h +++ b/src/sql.h @@ -668,7 +668,6 @@ class OP : public Token { } m_name += ")"; } - // m_name+=")"; return m_name.c_str(); } Coltype::Type ret_type() { return m_t; } 
From 9861294343e95847fda2f562c6b664c2449effac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jerry=20Lundstr=C3=B6m?= Date: Thu, 29 Aug 2024 13:52:00 +0200 Subject: [PATCH 11/11] Release 1.7.2 --- CHANGES | 29 +++++++++++++++++++++++++++++ configure.ac | 2 +- debian/changelog | 31 +++++++++++++++++++++++++++++++ rpm/packetq.spec | 27 ++++++++++++++++++++++++++- 4 files changed, 87 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 174aa41..d01d2f0 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,32 @@ +2024-08-29 Jerry Lundström + + Release 1.7.2 + + This patch release fixes various issues reported by CI/code analysis + tools. + + Fixes: + - `RefCountString`: Use anonymous array for `data` + - `sql`: Fix heap overflow [[sonarcloud](https://sonarcloud.io/project/issues?open=AZF-b0jIXv-Y5-GmvUlN&id=dns-oarc%3APacketQ)] + - Fix CodeQL issues: + - https://github.com/DNS-OARC/PacketQ/security/code-scanning/35 + - https://github.com/DNS-OARC/PacketQ/security/code-scanning/37 + - https://github.com/DNS-OARC/PacketQ/security/code-scanning/38 + - https://github.com/DNS-OARC/PacketQ/security/code-scanning/39 + - https://github.com/DNS-OARC/PacketQ/security/code-scanning/40 + - https://github.com/DNS-OARC/PacketQ/security/code-scanning/5 + + 68b5385 Cleanup + 1dfd47b CodeQL, code format + 6224234 CodeQL fixes + 6771f3a Copyright + 3283c43 Heap overflow + 1ff69df Badges + d4e93ec Workflow + 75283cc Doc + 25adefa Add CodeQL workflow for GitHub code scanning + bb7be53 Fix COPR + 2022-06-02 Jerry Lundström Release 1.7.1 diff --git a/configure.ac b/configure.ac index 480f2d3..e17413b 100644 --- a/configure.ac +++ b/configure.ac 
@@ -18,7 +18,7 @@ # along with PacketQ. If not, see . AC_PREREQ(2.61) -AC_INIT([packetq], [1.7.1], [admin@dns-oarc.net], [packetq], [https://github.com/DNS-OARC/packetq/issues]) +AC_INIT([packetq], [1.7.2], [admin@dns-oarc.net], [packetq], [https://github.com/DNS-OARC/packetq/issues]) AM_INIT_AUTOMAKE([-Wall -Werror foreign subdir-objects]) AC_CONFIG_SRCDIR([src/packetq.cpp]) AC_CONFIG_HEADER([src/config.h]) diff --git a/debian/changelog b/debian/changelog index 8d5934b..4af6245 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,34 @@ +packetq (1.7.2-1~unstable+1) unstable; urgency=low + + * Release 1.7.2 + + This patch release fixes various issues reported by CI/code analysis + tools. + + Fixes: + - `RefCountString`: Use anonymous array for `data` + - `sql`: Fix heap overflow [[sonarcloud](https://sonarcloud.io/project/issues?open=AZF-b0jIXv-Y5-GmvUlN&id=dns-oarc%3APacketQ)] + - Fix CodeQL issues: + - https://github.com/DNS-OARC/PacketQ/security/code-scanning/35 + - https://github.com/DNS-OARC/PacketQ/security/code-scanning/37 + - https://github.com/DNS-OARC/PacketQ/security/code-scanning/38 + - https://github.com/DNS-OARC/PacketQ/security/code-scanning/39 + - https://github.com/DNS-OARC/PacketQ/security/code-scanning/40 + - https://github.com/DNS-OARC/PacketQ/security/code-scanning/5 + + 68b5385 Cleanup + 1dfd47b CodeQL, code format + 6224234 CodeQL fixes + 6771f3a Copyright + 3283c43 Heap overflow + 1ff69df Badges + d4e93ec Workflow + 75283cc Doc + 25adefa Add CodeQL workflow for GitHub code scanning + bb7be53 Fix COPR + + -- Jerry Lundström Thu, 29 Aug 2024 13:50:01 +0200 + packetq (1.7.1-1~unstable+1) unstable; urgency=low * Release 1.7.1 diff --git a/rpm/packetq.spec b/rpm/packetq.spec index ed54a5d..e03818d 100644 --- a/rpm/packetq.spec +++ b/rpm/packetq.spec 
@@ -1,5 +1,5 @@ Name: packetq -Version: 1.7.1 +Version: 1.7.2 Release: 1%{?dist} Summary: A tool that provides a basic SQL-frontend to PCAP-files Group: Productivity/Networking/DNS/Utilities @@ -56,6 +56,31 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Thu Aug 29 2024 Jerry Lundström 1.7.2-1 +- Release 1.7.2 + * This patch release fixes various issues reported by CI/code analysis + tools. + * Fixes: + - `RefCountString`: Use anonymous array for `data` + - `sql`: Fix heap overflow [[sonarcloud](https://sonarcloud.io/project/issues?open=AZF-b0jIXv-Y5-GmvUlN&id=dns-oarc%3APacketQ)] + - Fix CodeQL issues: + - https://github.com/DNS-OARC/PacketQ/security/code-scanning/35 + - https://github.com/DNS-OARC/PacketQ/security/code-scanning/37 + - https://github.com/DNS-OARC/PacketQ/security/code-scanning/38 + - https://github.com/DNS-OARC/PacketQ/security/code-scanning/39 + - https://github.com/DNS-OARC/PacketQ/security/code-scanning/40 + - https://github.com/DNS-OARC/PacketQ/security/code-scanning/5 + * Commits: + 68b5385 Cleanup + 1dfd47b CodeQL, code format + 6224234 CodeQL fixes + 6771f3a Copyright + 3283c43 Heap overflow + 1ff69df Badges + d4e93ec Workflow + 75283cc Doc + 25adefa Add CodeQL workflow for GitHub code scanning + bb7be53 Fix COPR * Thu Jun 02 2022 Jerry Lundström 1.7.1-1 - Release 1.7.1 * This patch release fixes a bug in the domain name parsing that cuts