lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Mon, 08 Jul 2019 22:57:56 -0700
From:   Joe Perches <joe@...ches.com>
To:     NitinGote <nitin.r.gote@...el.com>, akpm@...ux-foundation.org
Cc:     corbet@....net, apw@...onical.com, keescook@...omium.org,
        linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org,
        kernel-hardening@...ts.openwall.com
Subject: Re: [PATCH v2] Added warnings in checkpatch.pl script to :

On Tue, 2019-07-09 at 11:10 +0530, NitinGote wrote:
> From: Nitin Gote <nitin.r.gote@...el.com>
> 
> 1. Deprecate strcpy() in favor of strscpy().
> 2. Deprecate strlcpy() in favor of strscpy().
> 3. Deprecate strncpy() in favor of strscpy() or strscpy_pad().
> 
> Updated strncpy() section in Documentation/process/deprecated.rst
> to cover strscpy_pad() case.
> 
> Acked-by: Kees Cook <keescook@...omium.org>

Kees, I think the concept is fine, but perhaps your
acked-by here isn't great.  There are a few clear
defects in the checkpatch code that you also might
have overlooked.

>  Change log:
>  v1->v2
>  - For string related apis, created different %deprecated_string_api
>    and these will get emitted at CHECK Level using command line option
>    -f/--file to avoid bad patched from novice script users.
> 

[]
> diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl

[]
> @@ -605,6 +605,21 @@ foreach my $entry (keys %deprecated_apis) {
>  }
>  $deprecated_apis_search = "(?:${deprecated_apis_search})";
> 
> +our %deprecated_string_apis = (
> +        "strcpy"                                => "strscpy",
> +        "strlcpy"                               => "strscpy",
> +        "strncpy"                               => "strscpy, strscpy_pad or for non-NUL-terminated strings,
> +         strncpy() can still be used, but destinations should be marked with the __nonstring",

This last strncpy line should not be on multiple lines.
checkpatch output is single line.

[]

> @@ -6446,6 +6461,16 @@ sub process {
>  			     "Deprecated use of '$deprecated_api', prefer '$new_api' instead\n" . $herecurr);
>  		}
> 
> +# check for string deprecated apis
> +                if ($line =~ /\b($deprecated_string_apis_search)\b\s*\(/) {
> +                        my $deprecated_string_api = $1;
> +                        my $new_api = $deprecated_string_apis{$deprecated_string_api};
> +			$check = 1;
> +                        CHK("DEPRECATED_API",
> +                             "Deprecated use of '$deprecated_string_api', prefer '$new_api' instead\n" . $herecurr);
> +			$check = 0;

nack.

Please use consistent tab indentation and no,
do not set and unset $check.

Please use the same style as the rest of the script
when emitting at different levels for -f uses

			my $msg_level = \&WARN;
			$msg_level = \&CHK if ($file);
			&{$msg_level}("DEPRECATED_API", etc...


Powered by blists - more mailing lists