Message-ID: <1512458664.6321.71.camel@perches.com> Date: Mon, 04 Dec 2017 23:24:24 -0800 From: Joe Perches <joe@...ches.com> To: "Tobin C. Harding" <me@...in.cc>, Andrew Morton <akpm@...ux-foundation.org> Cc: Andy Whitcroft <apw@...onical.com>, linux-kernel@...r.kernel.org Subject: Re: [PATCH] checkpatch: warn for use of %px On Tue, 2017-12-05 at 08:17 +1100, Tobin C. Harding wrote: > Usage of the new %px specifier potentially leaks sensitive > inforamtion. Printing kernel addresses exposes the kernel layout in information > memory, this is potentially exploitable. We have tools in the kernel to > help us do the right thing. We can have checkpatch warn developers of > potential dangers of using %px. > > Have checkpatch emit a warning for usage of specifier %px. > > Suggested-by: Andrew Morton <akpm@...ux-foundation.org> > Signed-off-by: Tobin C. Harding <me@...in.cc> > Co-Developed-by: Joe Perches <joe@...ches.com> > > --- > > Joe, > > Are you happy with this tagging? Needs your signed-off-by still. Maybe with a few corrections (below) > > Andrew, > > Is it okay to add your Suggested-by tag here? > > I'm not entirely sure when one is supposed to add someones signed-off-by > tag since the docs state that it should not be added without > permission. I am also unsure where/when is the best time to request this > permission. [] > diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl [] > @@ -1612,6 +1612,17 @@ sub raw_line { > return $line; > } > > +sub stat_real { > + my ($linenr, $lc) = @_; > + > + my $stat_real = raw_line($linenr, 0); > + for (my $count = $linenr + 1; $count <= $lc; $count++) { > + $stat_real = $stat_real . "\n" . raw_line($count, 0); > + } > + > + return $stat_real; > +} If you are going to make a subroutine of this there are some other places it could be used too. > + > sub cat_vet { > my ($vet) = @_; > my ($res, $coded); 
> @@ -5747,24 +5758,35 @@ sub process { > defined $stat && > $stat =~ /^\+(?![^\{]*\{\s*).*\b(\w+)\s*\(.*$String\s*,/s && > $1 !~ /^_*volatile_*$/) { > - my $bad_extension = ""; > + my ($specifier, $extension, $stat_real); My preference is not to define multiple variables on a single line. I'd rather have: my $specifier; my $extension; my $stat_real; > + my $bad_specifier = ""; > my $lc = $stat =~ tr@\n@@; > $lc = $lc + $linenr; > for (my $count = $linenr; $count <= $lc; $count++) { > my $fmt = get_quoted_string($lines[$count - 1], raw_line($count, 0)); > $fmt =~ s/%%//g; > - if ($fmt =~ /(\%[\*\d\.]*p(?![\WFfSsBKRraEhMmIiUDdgVCbGNOx]).)/) { > - $bad_extension = $1; > - last; > + > + while ($fmt =~ /(\%[\*\d\.]*p(\w))/g) { > + $specifier = $1; > + $extension = $2; > + if ($extension !~ /[FfSsBKRraEhMmIiUDdgVCbGNOx]/) { > + $bad_specifier = $specifier; > + last; > + } > + if ($extension eq "x" && !defined($stat_real)) { > + if (!defined($stat_real)) { > + $stat_real = stat_real($linenr, $lc); > + } > + WARN("VSPRINTF_SPECIFIER_PX", > + "Using vsprintf specifier '\%px' potentially exposes the kernel layout in memory, if you don't _realy_ need the address please consider using '\%p'.\n" . "$here\n$stat_real\n"); "kernel memory layout" not "kernel layout in memory" "really" not "_realy_"
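Review bot: In the first hunk, the new sub stat_real names its second parameter $lc, but the loop condition `$count <= $lc` treats it as the absolute number of the last line, not a line count. That is correct for the caller shown only because `$lc = $lc + $linenr;` has already run there. A short comment above the sub, or a name such as $last_line, would keep a later caller from passing a count. The sub also shares its name with its own local `$stat_real`, which makes the body harder to read than it needs to be.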
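Review bot: In the second hunk, the `last` inside the new `while ($fmt =~ /(\%[\*\d\.]*p(\w))/g)` loop leaves only that `while`, whereas the removed `last` left the enclosing `for`. After a bad specifier is found, the `for` now keeps scanning the remaining lines of the statement and $bad_specifier can be overwritten by a later match. Labelling the outer loop and using `last LABEL`, or checking $bad_specifier after the `while`, would restore the earlier behaviour. In the `%px` branch, the inner `if (!defined($stat_real))` repeats the condition already tested by the enclosing `if`, so one of the two checks can be dropped.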