Fix up queries and add tests

Author: ex0dus-0x

cpp/lib/trailofbits/crypto/openssl/bn.qll

@@ -66,70 +66,41 @@ class BIGNUM extends FunctionCall {
 // BN_CTX *BN_CTX_new(void);
 class BN_CTX_new extends CustomAllocator {
   BN_CTX_new() {
-    this.getName() = "BN_CTX_new" and
-    dealloc instanceof BN_CTX_free
-  }
-}
-
-// BN_CTX *BN_CTX_secure_new(void);
-class BN_CTX_secure_new extends CustomAllocator {
-  BN_CTX_secure_new() {
-    this.getName() = "BN_CTX_secure_new" and
+    this.getQualifiedName().matches("BN\\_CTX_new%")
+    or
+    this.getQualifiedName().matches("BN\\_CTX\\_secure\\_new%") and
     dealloc instanceof BN_CTX_free
   }
 }
 
 // void BN_CTX_free(BN_CTX *c);
 class BN_CTX_free extends CustomDeallocator {
-  BN_CTX_free() { this.getName() = "BN_CTX_free" }
+  BN_CTX_free() { this.getQualifiedName() = "BN_CTX_free" }
 
   override int getPointer() { result = 0 }
 }
 
 // void BN_CTX_start(BN_CTX *ctx);
-class BN_CTX_start extends Expr {
-  BN_CTX_start() {
-    exists(FunctionCall fc |
-      fc = this and
-      fc.getTarget().getName() = "BN_CTX_start"
-    )
-  }
+class BN_CTX_start extends FunctionCall {
+  BN_CTX_start() { this.getTarget().getName() = "BN_CTX_start" }
 
-  Expr getContext() { result = this.(FunctionCall).getArgument(0) }
+  Expr getContext() { result = this.getArgument(0) }
 }
 
 // void BN_CTX_end(BN_CTX *ctx);
-class BN_CTX_end extends Expr {
-  BN_CTX_end() {
-    exists(FunctionCall fc |
-      fc = this and
-      fc.getTarget().getName() = "BN_CTX_end"
-    )
-  }
+class BN_CTX_end extends FunctionCall {
+  BN_CTX_end() { this.getTarget().getName() = "BN_CTX_end" }
 
-  Expr getContext() { result = this.(FunctionCall).getArgument(0) }
+  Expr getContext() { result = this.getArgument(0) }
 }
 
 // BIGNUM *BN_CTX_get(BN_CTX *ctx);
-class BN_CTX_get extends Expr {
-  BN_CTX_get() {
-    exists(FunctionCall fc |
-      fc = this and
-      fc.getTarget().getName() = "BN_CTX_get"
-    )
-  }
+class BN_CTX_get extends FunctionCall {
+  BN_CTX_get() { this.getTarget().getName() = "BN_CTX_get" }
 
-  Expr getContext() { result = this.(FunctionCall).getArgument(0) }
+  Expr getContext() { result = this.getArgument(0) }
 }
 
-class BN_CTX extends Expr {
-  BN_CTX() {
-    exists(FunctionCall fc |
-      fc = this and
-      (
-        fc.getTarget() instanceof BN_CTX_new or
-        fc.getTarget() instanceof BN_CTX_secure_new
-      )
-    )
-  }
+class BN_CTX extends FunctionCall {
+  BN_CTX() { this.getTarget() instanceof BN_CTX_new }
 }

cpp/src/crypto/BnCtxFreeBeforeEnd.ql

@@ -5,24 +5,21 @@
  * @kind path-problem
  * @tags correctness crypto
  * @problem.severity error
- * @precision high
+ * @precision medium
  * @group cryptography
  */
 
 import cpp
 import trailofbits.crypto.libraries
 import semmle.code.cpp.dataflow.new.DataFlow
 import semmle.code.cpp.controlflow.ControlFlowGraph
-import DataFlow::PathGraph
 
 /**
  * Tracks BN_CTX from BN_CTX_start to BN_CTX_free without going through BN_CTX_end
  */
 module BnCtxFreeBeforeEndConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) {
-    exists(BN_CTX_start start |
-      source.asExpr() = start.getContext()
-    )
+    exists(BN_CTX_start start | source.asExpr() = start.getContext())
   }
 
   predicate isSink(DataFlow::Node sink) {
@@ -34,22 +31,22 @@ module BnCtxFreeBeforeEndConfig implements DataFlow::ConfigSig {
 
   predicate isBarrier(DataFlow::Node node) {
     // If the context flows through BN_CTX_end, it's properly handled
-    exists(BN_CTX_end end |
-      node.asExpr() = end.getContext()
-    )
+    exists(BN_CTX_end end | node.asExpr() = end.getContext())
   }
 }
 
 module BnCtxFreeBeforeEndFlow = DataFlow::Global<BnCtxFreeBeforeEndConfig>;
 
-from BnCtxFreeBeforeEndFlow::PathNode source, BnCtxFreeBeforeEndFlow::PathNode sink,
-     BN_CTX_start start, CustomDeallocatorCall free
+import BnCtxFreeBeforeEndFlow::PathGraph
+
+from
+  BnCtxFreeBeforeEndFlow::PathNode source, BnCtxFreeBeforeEndFlow::PathNode sink,
+  BN_CTX_start start, CustomDeallocatorCall free
 where
   BnCtxFreeBeforeEndFlow::flowPath(source, sink) and
   source.getNode().asExpr() = start.getContext() and
   sink.getNode().asExpr() = free.getPointer() and
   free.getTarget() instanceof BN_CTX_free
 select free, source, sink,
   "BN_CTX_free called at line " + free.getLocation().getStartLine().toString() +
-  " before BN_CTX_end after BN_CTX_start at line " +
-  start.getLocation().getStartLine().toString()
+    " before BN_CTX_end after BN_CTX_start at line " + start.getLocation().getStartLine().toString()

cpp/src/crypto/MissingBnCtxEnd.ql

@@ -15,16 +15,18 @@ import semmle.code.cpp.dataflow.new.DataFlow
 
 predicate isCleared(Expr bignum) {
   exists(BN_clear clear |
-    DataFlow::localFlow(DataFlow::exprNode(bignum), DataFlow::exprNode(clear.getArgument(0)))
-  ) or
-  exists(BN_clear_free clear_free |
-    DataFlow::localFlow(DataFlow::exprNode(bignum), DataFlow::exprNode(clear_free.getArgument(0)))
+    DataFlow::localFlow(DataFlow::exprNode(bignum), DataFlow::exprNode(clear.getBignum()))
+  )
+  or
+  exists(CustomDeallocatorCall clear_free |
+    clear_free.getTarget() instanceof BN_clear_free and
+    DataFlow::localFlow(DataFlow::exprNode(bignum), DataFlow::exprNode(clear_free.getPointer()))
   )
 }
 
 predicate isRandom(Expr bignum) {
   exists(BN_rand rand |
-    DataFlow::localFlow(DataFlow::exprNode(bignum), DataFlow::exprNode(rand.getArgument(0)))
+    DataFlow::localFlow(DataFlow::exprNode(bignum), DataFlow::exprNode(rand.getBignum()))
   )
 }
 

cpp/src/crypto/MissingZeroization.ql

@@ -0,0 +1,45 @@
+/**
+ * @name Unbalanced BN_CTX_start and BN_CTX_end pair
+ * @id tob/cpp/missing-bn-ctx-end
+ * @description Detects if one call in the BN_CTX_start/BN_CTX_end pair is missing
+ * @kind problem
+ * @tags correctness crypto
+ * @problem.severity warning
+ * @precision medium
+ * @group cryptography
+ */
+
+import cpp
+import trailofbits.crypto.libraries
+import semmle.code.cpp.dataflow.new.DataFlow
+import semmle.code.cpp.controlflow.Guards
+
+predicate hasMatchingEnd(BN_CTX_start start) {
+  exists(BN_CTX_end end, Function f |
+    start.getEnclosingFunction() = f and
+    end.getEnclosingFunction() = f and
+    DataFlow::localFlow(DataFlow::exprNode(start.getContext()), DataFlow::exprNode(end.getContext()))
+  )
+}
+
+predicate hasMatchingStart(BN_CTX_end end) {
+  exists(BN_CTX_start start, Function f |
+    end.getEnclosingFunction() = f and
+    start.getEnclosingFunction() = f and
+    DataFlow::localFlow(DataFlow::exprNode(start.getContext()), DataFlow::exprNode(end.getContext()))
+  )
+}
+
+from FunctionCall call, string message
+where
+  (
+    call instanceof BN_CTX_start and
+    not hasMatchingEnd(call) and
+    message = "BN_CTX_start called without corresponding BN_CTX_end"
+  ) or
+  (
+    call instanceof BN_CTX_end and
+    not hasMatchingStart(call) and
+    message = "BN_CTX_end called without corresponding BN_CTX_start"
+  )
+select call.getLocation(), message

cpp/src/crypto/UnbalancedBnCtx.ql

@@ -32,6 +32,32 @@ int BN_rand(BIGNUM *rnd, int bits, int top, int bottom) {
   return 1;
 }
 
+// BN_CTX functions
+#define BN_CTX int
+
+BN_CTX *BN_CTX_new(void) {
+  static BN_CTX ctx = 1;
+  return &ctx;
+}
+
+BN_CTX *BN_CTX_secure_new(void) {
+  static BN_CTX ctx = 1;
+  return &ctx;
+}
+
+void BN_CTX_free(BN_CTX *c) {
+}
+
+void BN_CTX_start(BN_CTX *ctx) {
+}
+
+void BN_CTX_end(BN_CTX *ctx) {
+}
+
+BIGNUM *BN_CTX_get(BN_CTX *ctx) {
+  return &BN;
+}
+
 # ifdef  __cplusplus
 }
 #endif

cpp/test/include/openssl/bn.h

@@ -0,0 +1,12 @@
+edges
+| test.c:13:16:13:18 | ctx | test.c:15:15:15:17 | ctx | provenance |  |
+| test.c:34:16:34:18 | ctx | test.c:40:15:40:17 | ctx | provenance |  |
+nodes
+| test.c:13:16:13:18 | ctx | semmle.label | ctx |
+| test.c:15:15:15:17 | ctx | semmle.label | ctx |
+| test.c:34:16:34:18 | ctx | semmle.label | ctx |
+| test.c:40:15:40:17 | ctx | semmle.label | ctx |
+subpaths
+#select
+| test.c:15:3:15:13 | call to BN_CTX_free | test.c:13:16:13:18 | ctx | test.c:15:15:15:17 | ctx | BN_CTX_free called at line 15 before BN_CTX_end after BN_CTX_start at line 13 |
+| test.c:40:3:40:13 | call to BN_CTX_free | test.c:34:16:34:18 | ctx | test.c:40:15:40:17 | ctx | BN_CTX_free called at line 40 before BN_CTX_end after BN_CTX_start at line 34 |

cpp/test/query-tests/crypto/BnCtxFreeBeforeEnd/BnCtxFreeBeforeEnd.expected

@@ -0,0 +1 @@
+crypto/BnCtxFreeBeforeEnd.ql

cpp/test/query-tests/crypto/BnCtxFreeBeforeEnd/BnCtxFreeBeforeEnd.qlref

@@ -0,0 +1,43 @@
+#include "../../../include/openssl/bn.h"
+
+void good_proper_lifecycle() {
+  BN_CTX *ctx = BN_CTX_new();
+  BN_CTX_start(ctx);
+  BIGNUM *a = BN_CTX_get(ctx);
+  BN_CTX_end(ctx); // Properly call end before free
+  BN_CTX_free(ctx);
+}
+
+void bad_free_before_end() {
+  BN_CTX *ctx = BN_CTX_new();
+  BN_CTX_start(ctx);
+  BIGNUM *a = BN_CTX_get(ctx);
+  BN_CTX_free(ctx); // BUG: free before end
+}
+
+void good_mult_ctx() {
+  BN_CTX *ctx = BN_CTX_new();
+
+  BN_CTX_start(ctx);
+  BIGNUM *a = BN_CTX_get(ctx);
+  BN_CTX_end(ctx);
+
+  BN_CTX_start(ctx);
+  BIGNUM *b = BN_CTX_get(ctx);
+  BN_CTX_end(ctx);
+
+  BN_CTX_free(ctx);
+}
+
+void bad_conditional_end(int condition) {
+  BN_CTX *ctx = BN_CTX_new();
+  BN_CTX_start(ctx);
+  BIGNUM *a = BN_CTX_get(ctx);
+
+  if (condition) {
+    BN_CTX_end(ctx);
+  }
+  BN_CTX_free(ctx); // BUG: May free before end if condition is false
+}
+
+int main(void) {}

cpp/test/query-tests/crypto/BnCtxFreeBeforeEnd/test.c

@@ -0,0 +1,2 @@
+| test.c:13:3:13:14 | test.c:13:3:13:14 | BN_CTX_start called without corresponding BN_CTX_end |
+| test.c:21:3:21:12 | test.c:21:3:21:12 | BN_CTX_end called without corresponding BN_CTX_start |