lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.DEB.2.20.1701110708030.2396@hadrien>
Date:   Wed, 11 Jan 2017 07:12:53 +0100 (CET)
From:   Julia Lawall <julia.lawall@...6.fr>
To:     Pengfei Wang <wpengfeinudt@...il.com>
cc:     Vaishali Thakkar <vaishali.thakkar@...cle.com>,
        Kees Cook <keescook@...omium.org>,
        Vaishali Thakkar <vthakkar1994@...il.com>,
        linux-kernel@...r.kernel.org, Michal Marek <mmarek@...e.com>,
        cocci@...teme.lip6.fr
Subject: Re: [Cocci] [PATCH] coccicheck: add a test for repeat
 copy_from_user

I looked at the get_user part of the original script.  It looks like most
of the complexity is to deal with the possibility of the src location
being expressed in two different ways between the two calls.  Even if this
happens in practice only for get_user, it would seem that it could happen
for copy_from_user as well.  So I think we could just throw both get_user
and copy_from_user into the same rule?

I'm also not sure to understand why there are cases for things like

get_user(exp1, src->f1)
...
get_user(exp2,src)

Can this happen?  The types seem wrong.

Likewise, I see the need to take into account a second argument of src++,
but not the need to take into account a second argument of src+4.  Either
there is src+4 in both calls or the addresses involved are just different.

Perhaps I'm missing something, though.

julia

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ