From 5806992ffe80797ce6c6d071ffec54bd9080b760 Mon Sep 17 00:00:00 2001
From: Dan Carpenter <dan.carpenter@oracle.com>
Date: Mon, 15 Jul 2013 09:17:59 +0300
Subject: [PATCH] user_data: mark ntohl() data as user_data

Network endian data is almost certainly untrusted.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
 check_user_data.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/check_user_data.c b/check_user_data.c
index 848fbbcb..f63c8783 100644
--- a/check_user_data.c
+++ b/check_user_data.c
@@ -33,6 +33,19 @@ enum {
 
 static int is_user_macro(struct expression *expr)
 {
+	char *macro;
+	struct range_list *rl;
+
+	macro = get_macro_name(expr->pos);
+
+	if (!macro)
+		return 0;
+	if (get_implied_rl(expr, &rl) && !is_whole_rl(rl))
+		return 0;
+	if (strcmp(macro, "ntohl") == 0)
+		return SET_DATA;
+	if (strcmp(macro, "ntohs") == 0)
+		return SET_DATA;
 	return 0;
 }
 
@@ -549,4 +562,7 @@ void check_user_data(int id)
 	select_return_states_hook(USER_DATA, &db_return_states_userdata);
 
 	add_modification_hook(my_id, &set_capped);
+
+	add_macro_assign_hook("ntohl", &match_macro_assign, NULL);
+	add_macro_assign_hook("ntohs", &match_macro_assign, NULL);
 }
-- 
2.11.4.GIT