I'm relatively new to C programming and have been asked to check a Linux utility for buffer overflows. However, I have limited knowledge of the area, so pardon me if I have not done a great job at it. I used Valgrind to detect the overflows, and it reported one definite leak, so I applied --leak-check=full to identify where the leak might come from, but I'm not sure how to proceed from here. Can anyone help me?
The utility I chose was nstat. Here's my result:
valgrind --leak-check=full nstat -d 1111111111
==3749== Memcheck, a memory error detector
==3749== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==3749== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==3749== Command: nstat -d 1111111111
==3749==
#kernel
IpInReceives 112 0.0
IpInDelivers 112 0.0
IpOutRequests 115 0.0
TcpActiveOpens 6 0.0
TcpInSegs 30 0.0
TcpOutSegs 32 0.0
TcpRetransSegs 1 0.0
UdpInDatagrams 82 0.0
UdpOutDatagrams 82 0.0
Ip6InReceives 2 0.0
Ip6InDelivers 2 0.0
Ip6OutRequests 2 0.0
Ip6OutNoRoutes 2 0.0
Ip6InMcastPkts 2 0.0
Ip6OutMcastPkts 2 0.0
Ip6InOctets 186 0.0
Ip6OutOctets 186 0.0
Ip6InMcastOctets 186 0.0
Ip6OutMcastOctets 186 0.0
Ip6InNoECTPkts 2 0.0
Udp6InDatagrams 2 0.0
Udp6OutDatagrams 2 0.0
TcpExtTW 2 0.0
TcpExtTCPHPHits 6 0.0
TcpExtTCPPureAcks 5 0.0
TcpExtTCPHPAcks 6 0.0
TcpExtTCPTimeouts 1 0.0
TcpExtTCPSynRetrans 1 0.0
TcpExtTCPOrigDataSent 12 0.0
TcpExtTCPDelivered 18 0.0
IpExtInMcastPkts 4 0.0
IpExtOutMcastPkts 4 0.0
IpExtInOctets 10138 0.0
IpExtOutOctets 9060 0.0
IpExtInMcastOctets 292 0.0
IpExtOutMcastOctets 292 0.0
IpExtInNoECTPkts 112 0.0
==3749==
==3749== HEAP SUMMARY:
==3749== in use at exit: 18,429 bytes in 725 blocks
==3749== total heap usage: 756 allocs, 31 frees, 34,350 bytes allocated
==3749==
==3749== 128 bytes in 1 blocks are definitely lost in loss record 1 of 9
==3749== at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==3749== by 0x10C79D: ??? (in /usr/bin/nstat)
==3749== by 0x4BE00B2: (below main) (libc-start.c:308)
==3749==
==3749== LEAK SUMMARY:
==3749== definitely lost: 128 bytes in 1 blocks
==3749== indirectly lost: 0 bytes in 0 blocks
==3749== possibly lost: 0 bytes in 0 blocks
==3749== still reachable: 18,301 bytes in 724 blocks
==3749== suppressed: 0 bytes in 0 blocks
==3749== Reachable blocks (those to which a pointer was found) are not shown.
==3749== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==3749==
==3749== For lists of detected and suppressed errors, rerun with: -s
==3749== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
I have searched for similar output in the Valgrind manual but did not come across any. It would be great if someone could tell me how to proceed with my analysis.
If you are checking for buffer overflows, then rest assured: leaks do not fall into that category. However, your job is far from done. There are two major items that you need to consider.
The first is your code coverage. Just one test is probably far from enough. Ideally you should have an entire test suite that also has measurements of test coverage.
Secondly, there is the question of which tool is best. One of the things that Valgrind Memcheck does not do is check for overruns of statically allocated and global variables. Memory that is dynamically allocated (with malloc or new) will be checked.
In order to check statically allocated and global variables, I recommend that you use AddressSanitizer. However, this will entail rebuilding nstat.
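The tooling gap described in the answer (Memcheck tracks heap blocks but has no bounds information for globals, while AddressSanitizer instruments both) can be seen with a small stand-alone program. The following is an added example written for this page; it is not code from nstat or from either poster. The global buffer `g_name`, its size `NAME_MAX`, and the function names are invented for the illustration, and the counter-name strings are constructed test input. Build it twice: `gcc -g -O0 demo.c -o demo && valgrind ./demo global` produces no overflow report for the global case, while `gcc -g -O0 -fsanitize=address demo.c -o demo && ./demo global` aborts with a `global-buffer-overflow` report. Running `./demo heap` under either tool is reported, since the overrun is on a malloc'd block.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical fixed-size global, standing in for the kind of static
 * buffer a small utility might keep a counter name in.  Not from nstat. */
#define NAME_MAX 16
static char g_name[NAME_MAX];

/* Unchecked copy.  When strlen(src) >= NAME_MAX this writes past the end
 * of g_name.  Memcheck has no redzones around globals, so it stays silent;
 * ASan pads globals with redzones and reports "global-buffer-overflow". */
void set_name_unchecked(const char *src)
{
    strcpy(g_name, src);
}

/* Hardened version: the length is checked before any byte is written.
 * Returns 0 on success and -1 (leaving g_name untouched) if src plus its
 * terminating NUL would not fit. */
int set_name_checked(const char *src)
{
    size_t len = strlen(src);
    if (len >= NAME_MAX)
        return -1;
    memcpy(g_name, src, len + 1);
    return 0;
}

const char *get_name(void)
{
    return g_name;
}

/* Heap case for contrast: one byte written past a malloc'd block.
 * Both Memcheck ("Invalid write") and ASan ("heap-buffer-overflow")
 * flag this, because both track the bounds of heap allocations. */
void heap_overrun(void)
{
    char *p = malloc(8);
    if (p == NULL)
        return;
    memset(p, 'A', 9); /* one byte too many */
    free(p);
}

int main(int argc, char **argv)
{
    const char *mode = argc > 1 ? argv[1] : "global";

    if (strcmp(mode, "heap") == 0) {
        heap_overrun();
    } else {
        /* Constructed input: 18 characters plus NUL is 19 bytes,
         * 3 bytes past the end of the 16-byte global. */
        set_name_unchecked("IpExtInMcastOctets");
        printf("g_name=%s\n", get_name());
    }
    return 0;
}
```

The checked variant is the shape of fix to look for while auditing: a length test against the destination's real capacity (including the terminator) before the copy, with a distinct error return so callers can tell truncation from success. Compile with `-O0` for the demonstration; at `-O2` with `_FORTIFY_SOURCE` glibc's own `__strcpy_chk` may abort first, which is a different check from either Memcheck or ASan.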