Commit 9470a99

Add KeGetCurrentProcessorNumberEx to CQE-457 whitelist
Windows driver developers may call KeGetCurrentProcessorNumberEx in their driver. This function optionally may initialize a provided structure, but this initialization always occurs. The return value is the current processor being run on. As such, this query incorrectly marks calls to KeGetCurrentProcessorNumberEx that initialize a structure that is later used as risky, even though in reality the initialization always succeeds. See https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/ntddk/nf-ntddk-kegetcurrentprocessornumberex
1 parent f0d5a91 commit 9470a99

1 file changed: +3 -1 lines changed

cpp/ql/src/Security/CWE/CWE-457/InitializationFunctions.qll

Lines changed: 3 additions & 1 deletion
@@ -353,7 +353,9 @@ class InitializationFunction extends Function {
353353
// Destination range is zeroed out on failure, assuming first two parameters are valid
354354
"memcpy_s",
355355
// This zeroes the memory unconditionally
356-
"SeCreateAccessState"
356+
"SeCreateAccessState",
357+
// Argument initialization is optional, but always succeeds
358+
"KeGetCurrentProcessorNumberEx"
357359
]
358360
)
359361
}
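
Review bot: The comment on the new "KeGetCurrentProcessorNumberEx" entry ("Argument initialization is optional, but always succeeds") does not say what is optional, while the neighbouring entries state when the memory is written ("This zeroes the memory unconditionally"). Suggest phrasing it from the caller's side, for example "// Caller may omit the output structure; when one is supplied it is always initialized", so a later reader does not take "optional" to mean the function may skip the write. The commit changes only this file, so a test case that passes a structure to the call and then reads it would show that the query no longer flags that pattern and would guard the entry against regressions.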
