| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 4 Jun 2020 23:48:46 +0300
From: Denis Efremov <efremov@...ux.com>
To: Julia Lawall <Julia.Lawall@...6.fr>
Cc: Denis Efremov <efremov@...ux.com>, Joe Perches <joe@...ches.com>,
cocci@...teme.lip6.fr, linux-kernel@...r.kernel.org
Subject: [PATCH v2] coccinelle: api: add kzfree script
Check for memset()/memset_explicit() with 0 followed by
kfree()/vfree()/kvfree().
Signed-off-by: Denis Efremov <efremov@...ux.com>
---
Changes in v2:
- memset_explicit() added
- kvfree_sensitive() added
- forall added to r1
- ... between memset and kfree added
Unfortunately, it doesn't work as I would expect it to in "patch"
mode. I've added my comment about it in the rule. It can be safely
removed from the patch if I misunderstood something.
Another "strange" behaviour that I faced that r2 rule works only if I
write 2 expression lines:
expression *E;
expression size;
If I try to use a single line "expression *E, size;" then r2 matches nothing.
scripts/coccinelle/api/kzfree.cocci | 65 +++++++++++++++++++++++++++++
1 file changed, 65 insertions(+)
create mode 100644 scripts/coccinelle/api/kzfree.cocci
diff --git a/scripts/coccinelle/api/kzfree.cocci b/scripts/coccinelle/api/kzfree.cocci
new file mode 100644
index 000000000000..5c7e4bb13bb7
--- /dev/null
+++ b/scripts/coccinelle/api/kzfree.cocci
@@ -0,0 +1,65 @@
+// SPDX-License-Identifier: GPL-2.0-only
+///
+/// Use kzfree, kvfree_sensitive rather than memset or
+/// memset_explicit with 0 followed by kfree
+///
+// Confidence: High
+// Copyright: (C) 2020 Denis Efremov ISPRAS
+// Options: --no-includes --include-headers
+//
+// Keywords: kzfree, kvfree_sensitive
+//
+
+virtual context
+virtual patch
+virtual org
+virtual report
+
+
+// Ignore kzfree definition
+// Ignore kasan test
+@r depends on !patch && !(file in "lib/test_kasan.c") && !(file in "mm/slab_common.c") forall@
+expression *E;
+position p;
+@@
+
+* \(memset\|memset_explicit\)(E, 0, ...);
+ ... when != E
+ when strict
+* \(kfree\|vfree\|kvfree\)(E)@p;
+
+@r1 depends on patch && !(file in "lib/test_kasan.c") && !(file in "mm/slab_common.c")@
+expression *E;
+expression size;
+@@
+
+- \(memset\|memset_explicit\)(E, 0, size);
+/// Unfortunately, it doesn't work as in !patch mode.
+/// spatch (v1.0.8) should patch 4 functions in linux 5.7 with this rule
+/// and uncommented "when" lines. With only "... when != E" line 2 functions
+/// are patched, none with "when strict". 3 functions patch is produced by the
+/// rule with "when" lines commented out.
+// ... when != E
+// when strict
+(
+- kfree(E);
++ kzfree(E);
+|
+- vfree(E);
++ kvfree_sensitive(E, size);
+|
+- kvfree(E);
++ kvfree_sensitive(E, size);
+)
+
+@...ipt:python depends on report@
+p << r.p;
+@@
+
+coccilib.report.print_report(p[0], "WARNING opportunity for kzfree/kvfree_sensitive")
+
+@...ipt:python depends on org@
+p << r.p;
+@@
+
+coccilib.org.print_todo(p[0], "WARNING opportunity for kzfree/kvfree_sensitive")
--
2.26.2
Powered by blists - more mailing lists