lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 9 Nov 2015 17:31:11 -0800 From: Palmer Dabbelt <palmer@...belt.com> To: peterz@...radead.org Cc: Palmer Dabbelt <palmer@...belt.com> Subject: [PATCH 14/14] Re-enable and clean up "check_config()" in headers_check.pl I recently got bit by a CONFIG_ in userspace bug. This has apparently happened before, but the check got disabled for triggering too much. In order to reduce false positives, I added some hueristics to avoid detecting comments. Since these tests all pass, I've now re-enabled them. Signed-off-by: Palmer Dabbelt <palmer@...belt.com> Reviewed-by: Andrew Waterman <waterman@...s.berkeley.edu> Reviewed-by: Albert Ou <aou@...s.berkeley.edu> --- scripts/headers_check.pl | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/scripts/headers_check.pl b/scripts/headers_check.pl index 62320f9..1634b51 100755 --- a/scripts/headers_check.pl +++ b/scripts/headers_check.pl @@ -27,6 +27,7 @@ my $ret = 0; my $line; my $lineno = 0; my $filename; +my $check_config_in_multiline_comment = 0; foreach my $file (@files) { $filename = $file; @@ -40,7 +41,7 @@ foreach my $file (@files) { &check_asm_types(); &check_sizetypes(); &check_declarations(); - # Dropped for now. Too much noise &check_config(); + &check_config(); } close $fh; } @@ -78,7 +79,21 @@ sub check_declarations sub check_config { - if ($line =~ m/[^a-zA-Z0-9_]+CONFIG_([a-zA-Z0-9_]+)[^a-zA-Z0-9_]/) { + my $nocomments = $line; + $nocomments =~ s/\/\*.*\*\///; # Remove ANSI-style comments (/* to */) + $nocomments =~ s/\/\/.*//; # Remove C99-style comments (// to EOL) + + # Check to see if we're within a multiline comment, and if so + # just remove the whole line. I tried matching on '^ * ', but + # there's one header that doesn't prepend multi-line comments + # with * so that won't work. + if ($nocomments =~ m/\/\*/) { $check_config_in_multiline_comment = 1; } + if ($nocomments =~ m/\*\//) { $check_config_in_multiline_comment = 0; } + if ($check_config_in_multiline_comment == 1) { $nocomments = "" } + + # Check to see if there is something that looks like CONFIG_ + # inside a userspace-accessible header file and if so, print that out. + if ($nocomments =~ m/[^a-zA-Z0-9_]+CONFIG_([a-zA-Z0-9_]+)[^a-zA-Z0-9_]/) { printf STDERR "$filename:$lineno: leaks CONFIG_$1 to userspace where it is not valid\n"; } } -- 2.4.10 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists