Func: Do not crash on va_args confusion for script funcs

Script and BIF functions with a single any parameter are excluded from type checking regarding arguments. This makes it possible to call a ScriptFunc with more arguments than it actually has parameters and frame space for, causing heap-buffer-overflows. This change runtime checks expected parameters and provided arguments and short-circuits execution as well as logging runtime expression errors. Fixes #2446
2025-10-02 14:48:21 +00:00 · 2022-10-28 13:55:57 +02:00 · 2022-10-28 13:55:57 +02:00 · 4314467e44
commit 4314467e44
parent 2ed42ef771
6 changed files with 70 additions and 0 deletions
--- a/testing/btest/language/any-script-func-variadic-errors.zeek
+++ b/testing/btest/language/any-script-func-variadic-errors.zeek
@ -0,0 +1,47 @@
+# @TEST-EXEC: zeek -b %INPUT >output
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr
+
+function f(x: any)
+	{
+	local l = "a local";
+	print fmt("l=%s x=%s", l, x);
+	}
+
+event zeek_init() &priority=10
+	{
+	print "zeek_init() &priority=10";
+	f(1);
+	f(1, 2);
+	# Not reached
+	print "FAIL";
+	f(1);
+	}
+
+event zeek_init() &priority=-10
+	{
+	print "zeek_init() &priority=-10";
+	f(1);
+	f(1);
+	}
+
+
+@TEST-START-NEXT
+# Do not allow to call variadic through a script-level variable.
+global f: function(x: any);
+
+event zeek_init()
+	{
+	local _lambda = function(x: any) {
+		local l = "lambda local";
+		print fmt("l=%s x=%s", l, x);
+	};
+
+	f = _lambda;
+
+	f(1);
+	f(1, 2);
+	# Not reached
+	print "FAIL";
+	f(1);
+	}