| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 9 Jan 2017 14:02:17 -0800
From: Kees Cook <keescook@...omium.org>
To: Julia Lawall <julia.lawall@...6.fr>
Cc: Vaishali Thakkar <vaishali.thakkar@...cle.com>,
Pengfei Wang <wpengfeinudt@...il.com>,
Vaishali Thakkar <vthakkar1994@...il.com>,
LKML <linux-kernel@...r.kernel.org>,
Michal Marek <mmarek@...e.com>, cocci@...teme.lip6.fr
Subject: Re: [Cocci] [PATCH] coccicheck: add a test for repeat copy_from_user
On Mon, Jan 9, 2017 at 12:56 PM, Kees Cook <keescook@...omium.org> wrote:
> On Mon, Jan 9, 2017 at 11:08 AM, Julia Lawall <julia.lawall@...6.fr> wrote:
>>
>> On Mon, 9 Jan 2017, Vaishali Thakkar wrote:
>>
>>> Here, may be we should add few more lines from Pengfei's
>>> script to avoid th potential FPs.
>>
>> Which lines (I don't have it handy)?
>
> I'm going to compare
> https://github.com/wpengfei/double_fetch_cocci/blob/master/pattern_match_linux.cocci
> to my original one, add your improvements and see what I get...
Okay, I finally had time to look at this. Pengfei added two other
logical cases that should be checked for, IIUC:
1) destination alias checking (with assignment either before or after
the first copy_from_user):
struct thing object;
struct thing *pointer = &object;
copy_from_user(..., &object);
...
copy_from_user(..., pointer);
2) field writes (via . or ->, instead of short writes):
struct thing object;
copy_from_user(..., &object.field);
...
copy_from_user(..., &object);
It'd probably better to convert Pengfei's into being able to run under
the coccicheck target.
-Kees
--
Kees Cook
Nexus Security
Powered by blists - more mailing lists