lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 20 Dec 2023 00:04:47 +0100 (CET)
From: Julia Lawall <julia.lawall@...ia.fr>
To: Luis Chamberlain <mcgrof@...nel.org>
cc: Thomas Weißschuh <linux@...ssschuh.net>, 
    Joel Granados <j.granados@...sung.com>, 
    Dan Carpenter <dan.carpenter@...aro.org>, 
    Kees Cook <keescook@...omium.org>, 
    "Gustavo A. R. Silva" <gustavoars@...nel.org>, 
    Iurii Zaikin <yzaikin@...gle.com>, 
    Greg Kroah-Hartman <gregkh@...uxfoundation.org>, 
    linux-hardening@...r.kernel.org, linux-kernel@...r.kernel.org, 
    linux-fsdevel@...r.kernel.org
Subject: Re: [PATCH v2 00/18] sysctl: constify sysctl ctl_tables

I came up with the following:

@@
type t;
const t *x;
identifier y,z;
expression a;
assignment operator aop;
@@

(
  (<+...(<+...x->y...+>)[...]...+>) aop a
|
  (<+...(<+...x->y...+>)->z...+>) aop a
|
* (<+...x->y...+>) aop a
)

@fn disable optional_qualifier@
identifier f,x;
type t;
parameter list[n] ps;
@@

f(ps,t *x,...) { ... }

@@
identifier fn.f;
expression list[fn.n] es;
type t;
const t *e;
@@

*f(es,e,...)

---------------

The first rule takes care of assignments, while the remaining rules check
function calls.

This is not extensively tested and has false positives.  One case is when
you have a->b[x->y] = 12; and it is x not a that is const.  Maybe I can
improve it to avoid this problem.

I would suggest to replace the occurrences of t by your specific type of
interest (and then drop the occurrences type t;), to reduce the amount of
work to be done and the chance of false positives.

This is also limited in that it only works on a single file.  Thus in
particular the last rule on function calls will only be triggered when the
called function is defined in the same file.

Despite the current limitations, maybe it will find something useful.

julia

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ