lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <1487016895.6214.8.camel@perches.com>
Date:   Mon, 13 Feb 2017 12:14:55 -0800
From:   Joe Perches <joe@...ches.com>
To:     "Roberts, William C" <william.c.roberts@...el.com>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "apw@...onical.com" <apw@...onical.com>
Cc:     "kernel-hardening@...ts.openwall.com" 
        <kernel-hardening@...ts.openwall.com>
Subject: Re: [PATCH] checkpatch: add warning on %pk instead of %pK usage

(resending including cc's)

On Mon, 2017-02-13 at 19:46 +0000, Roberts, William C wrote:
> > -----Original Message-----
> > From: Joe Perches [mailto:joe@...ches.com]
> > Sent: Friday, February 10, 2017 7:24 PM
> > To: Roberts, William C <william.c.roberts@...el.com>; linux-
> > kernel@...r.kernel.org; apw@...onical.com
> > Cc: kernel-hardening@...ts.openwall.com
> > Subject: Re: [PATCH] checkpatch: add warning on %pk instead of %pK usage
> > 
> > On Sat, 2017-02-11 at 01:32 +0000, Roberts, William C wrote:
> > > <snip>
> > > > > By "normal" I'm referring to things that call into pointer(), just
> > > > > casually looking I see bstr_printf vsnprintf kvasprintf, which
> > > > > would be easy enough to add
> > > > > 
> > > > > > What do you think is missing?  sn?printf ? That's easy to add.
> > > > > 
> > > > > The problem starts to get hairy when we think of how often folks
> > > > > roll their own logging macros (see some small sampling at the end).
> > > > > 
> > > > > I think we would want to add DEBUG DBG and sn?printf and maybe
> > > > > consider dropping the \b on the regex so it's a bit more matchy
> > > > > but still shouldn't end up matching on any ASM as you pointed out in the V2
> > 
> > nack.
> > > > > 
> > > > > Ill break this down into:
> > > > > 1. the patch as I know you'll take it, as you wrote it :-P 2.
> > > > > Adding to the logging macros 3. exploring making it less matchy
> > > 
> > > -Kees and Andrew they likely don't care about the rest of this...
> > > 
> > > I have been working up a regex (I suck at these) to match C functions
> > > that have an invalid %p format string and take arguments:
> > > http://www.regexr.com/3f92k
> > > 
> > > This could be a way to get better coverage in a more generic approach,
> > 
> > thoughts?
> > 
> > Maybe this: (attached too because Evolution is a bad email client)
> > 
> > It's still kind of hacky, but it does find multiple line statements like:
> > 
> > +		printf(KERN_INFO
> > +		       "a %pX",
> > +		       foo);
> > 
> 
> I downloaded your checkpatch.pl patch wouldn't apply for some reason... I applied it by hand and
> couldn't get it to trigger on either the case you show above or below:
> 
> +	MY_DEBUG(drv->foo,
> +		"%pk",
> +		foo->boo);
> +
> 
> > ---
> > Subject: [PATCH] checkpatch: Add ability to find bad uses of vsprintf %p
> > extensions
> > 
> > %pK was at least once misused at %pk in an out-of-tree module.
> > This lead to some security concerns.  Add the ability to track single and multiple
> > line statements for misuses of %p.
> > 
> > Signed-off-by: Joe Perches
> > ---
> >  scripts/checkpatch.pl | 26 ++++++++++++++++++++++++++
> >  1 file changed, 26 insertions(+)
> > 
> > diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl index
> > ad5ea5c545b2..0eaf6b8580d6 100755
> > --- a/scripts/checkpatch.pl
> > +++ b/scripts/checkpatch.pl
> > @@ -5676,6 +5676,32 @@ sub process {
> >  			}
> >  		}
> > 
> > +		# check for vsprintf extension %p misuses
> > +		if ($^V && $^V ge 5.10.0 &&
> > +		    defined $stat &&
> > +		    $stat =~ /^\+(?![^\{]*\{\s*).*\b(\w+)\s*\(.*$String\s*,/s &&
> > +		    $1 !~ /^_*volatile_*$/) {
> > +			my $bad_extension = "";
> > +			my $lc = $stat =~ tr@\n@@;
> > +			$lc = $lc + $linenr;
> > +		        for (my $count = $linenr; $count <= $lc; $count++) {
> > +				my $fmt = get_quoted_string($lines[$count - 1],
> > raw_line($count, 0));
> > +				$fmt =~ s/%%//g;
> > +				if ($fmt =~
> > /(\%[\*\d\.]*p(?![\WFfSsBKRraEhMmIiUDdgVCbGN]).)/) {
> > +					$bad_extension = $1;
> > +					last;
> > +				}
> > +			}
> > +			if ($bad_extension ne "") {
> > +				my $stat_real = raw_line($linenr, 0);
> > +				for (my $count = $linenr + 1; $count <= $lc;
> > $count++) {
> > +					$stat_real = $stat_real . "\n" .
> > raw_line($count, 0);
> > +				}
> > +				WARN("VSPRINTF_POINTER_EXTENSION",
> > +				     "Invalid vsprintf pointer extension
> > '$bad_extension'\n" . "$here\n$stat_real\n");
> > +			}
> > +		}
> > +
> >  # Check for misused memsets
> >  		if ($^V && $^V ge 5.10.0 &&
> >  		    defined $stat &&
> > --
> 
> Mixed tabs/spaces issues. But I like the concept of matching across multiple lines. My tree was set to:
> 
> commit 7089db84e356562f8ba737c29e472cc42d530dbc
> Author: Linus Torvalds <torvalds@...ux-foundation.org>
> Date:   Sun Feb 12 13:03:20 2017 -0800
> 
>     Linux 4.10-rc8
> 
> $ git apply --check ~/Downloads/0001-checkpatch-Add-ability-to-find-bad-uses-of-vsprintf-.patch
> error: patch failed: scripts/checkpatch.pl:5676
> error: scripts/checkpatch.pl: patch does not apply
> 

No worries.
No idea why it doesn't work for you.
Maybe the hand applying was somehow
faulty?

The attached is on top of -next so it does have offsets
on Linus' tree, but it seems to work.

(on -linux)

$ patch -p1 < cp_vsp.diff 
patching file scripts/checkpatch.pl
Hunk #1 succeeded at 5634 (offset -36 lines).

$ cat t_block.c
{
	MY_DEBUG(drv->foo,
		 "%pk",
		 foo->boo);
}
$ ./scripts/checkpatch.pl -f t_block.c
WARNING: Invalid vsprintf pointer extension '%pk'
#2: FILE: t_block.c:2:
+	MY_DEBUG(drv->foo,
+		 "%pk",
+		 foo->boo);

total: 0 errors, 1 warnings, 5 lines checked

NOTE: For some of the reported defects, checkpatch may be able to
      mechanically convert to the typical style using --fix or --fix-inplace.

t_block.c has style problems, please review.

NOTE: If any of the errors are false positives, please report
      them to the maintainer, see CHECKPATCH in MAINTAINERS.

View attachment "cp_vsp.diff" of type "text/x-patch" (1301 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ