Message-ID: <alpine.DEB.2.22.394.2006172154040.3083@hadrien>
Date: Wed, 17 Jun 2020 22:08:19 +0200 (CEST)
From: Julia Lawall <julia.lawall@...ia.fr>
To: Denis Efremov <efremov@...ux.com>
cc: "Gustavo A. R. Silva" <garsilva@...eddedor.com>,
Kees Cook <keescook@...omium.org>, cocci@...teme.lip6.fr,
linux-kernel@...r.kernel.org
Subject: Re: [Cocci] [PATCH] coccinelle: misc: add array_size_dup script to
detect missed overlow checks

On Wed, 17 Jun 2020, Denis Efremov wrote:
>
> >
> > Awesome! I'll take a look into this. :)
> >
> Here is another script for your #83 ticket.
> Currently, it issues 598 warnings.
>
> // SPDX-License-Identifier: GPL-2.0-only
> ///
> /// Check for missing overflow checks in allocation functions.
> /// Low confidence because it's pointless to check for overflow
> /// relatively small allocations.
> ///
> // Confidence: Low
> // Copyright: (C) 2020 Denis Efremov ISPRAS
> // Options: --no-includes --include-headers
>
> virtual patch
> virtual context
> virtual org
> virtual report
>
> @depends on patch@
> expression E1, E2, E3, E4, size;
> @@
>
> (
> - size = E1 * E2;
> + size = array_size(E1, E2);
> |
> - size = E1 * E2 * E3;
> + size = array3_size(E1, E2, E3);
> |
> - size = E1 * E2 + E3;
> + size = struct_size(E1, E2, E3);

Should the arguments be checked to see if they have something to do with
arrays and structures?

> )
> ... when != size = E4
> when != size += E4
> when != size -= E4
> when != size *= E4

Here you can have a metavariable

assignment operator aop;

and then say size aop E4

It doesn't really look like an assignment any more, but it could be a
little safer.

julia

> when != &size
> \(kmalloc\|krealloc\|kzalloc\|kzalloc_node\|
> vmalloc\|vzalloc\|vzalloc_node\|
> kvmalloc\|kvzalloc\|kvzalloc_node\|
> sock_kmalloc\|
> f2fs_kmalloc\|f2fs_kzalloc\|f2fs_kvmalloc\|f2fs_kvzalloc\|
> devm_kmalloc\|devm_kzalloc\)
> (..., size, ...)
>
> @r depends on !patch@
> expression E1, E2, E3, E4, size;
> position p;
> @@
>
> (
> * size = E1 * E2;@p
> |
> * size = E1 * E2 * E3;@p
> |
> * size = E1 * E2 + E3;@p
> )
> ... when != size = E4
> when != size += E4
> when != size -= E4
> when != size *= E4
> when != &size
> * \(kmalloc\|krealloc\|kzalloc\|kzalloc_node\|
> vmalloc\|vzalloc\|vzalloc_node\|
> kvmalloc\|kvzalloc\|kvzalloc_node\|
> sock_kmalloc\|
> f2fs_kmalloc\|f2fs_kzalloc\|f2fs_kvmalloc\|f2fs_kvzalloc\|
> devm_kmalloc\|devm_kzalloc\)
> (..., size, ...)
>
> @script:python depends on report@
> p << r.p;
> @@
>
> coccilib.report.print_report(p[0], "WARNING: missing overflow check")
>
> @script:python depends on org@
> p << r.p;
> @@
>
> coccilib.org.print_todo(p[0], "WARNING: missing overflow check")
>
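
An added illustration, not part of the thread or of the quoted Coccinelle script: a userspace C model of the `size = E1 * E2; ... kmalloc(size)` shape the script reports, beside a saturating form in the spirit of `array_size()`. The names `array_size_model`, `unchecked_size` and `alloc_array` are hypothetical, the overflow test relies on the GCC/Clang builtin `__builtin_mul_overflow`, and `malloc` stands in for the kernel allocators.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Userspace stand-in for a saturating size helper: returns a * b, or
 * SIZE_MAX when the product does not fit in size_t. */
static size_t array_size_model(size_t a, size_t b)
{
    size_t bytes;

    if (__builtin_mul_overflow(a, b, &bytes))
        return SIZE_MAX;
    return bytes;
}

/* The reported shape: an open-coded multiply whose result is later
 * handed to an allocator. Unsigned overflow wraps without any error. */
static size_t unchecked_size(size_t count, size_t elem)
{
    size_t size = count * elem;

    return size;
}

/* Hardened form: a saturated size is refused instead of being
 * truncated to a small, valid-looking allocation. */
static void *alloc_array(size_t count, size_t elem)
{
    size_t size = array_size_model(count, elem);

    if (size == SIZE_MAX)   /* assumption: model an allocator rejecting SIZE_MAX */
        return NULL;
    return malloc(size);
}

int main(void)
{
    /* Constructed input: count * 16 is just past SIZE_MAX. */
    size_t count = SIZE_MAX / 16 + 2, elem = 16;
    void *p = alloc_array(count, elem);

    printf("unchecked size: %zu bytes\n", unchecked_size(count, elem));
    printf("saturated:      %s\n",
           array_size_model(count, elem) == SIZE_MAX ? "SIZE_MAX" : "fits");
    printf("allocation:     %s\n", p ? "succeeded" : "refused");
    free(p);
    return 0;
}
```
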