lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <e34b7e26-6f07-19b6-39ad-e3bc939551fc@linux.com>
Date:   Wed, 17 Jun 2020 13:55:47 +0300
From:   Denis Efremov <efremov@...ux.com>
To:     "Gustavo A. R. Silva" <garsilva@...eddedor.com>,
        Kees Cook <keescook@...omium.org>
Cc:     Julia Lawall <Julia.Lawall@...6.fr>, cocci@...teme.lip6.fr,
        linux-kernel@...r.kernel.org
Subject: Re: [Cocci] [PATCH] coccinelle: misc: add array_size_dup script to
 detect missed overlow checks


> 
> Awesome! I'll take a look into this. :)
> 
Here is another script for your #83 ticket.
Currently, it issues 598 warnings.

// SPDX-License-Identifier: GPL-2.0-only
///
/// Check for missing overflow checks in allocation functions.
/// Low confidence because it's pointless to check for overflow
/// relatively small allocations.
///
// Confidence: Low
// Copyright: (C) 2020 Denis Efremov ISPRAS
// Options: --no-includes --include-headers

virtual patch
virtual context
virtual org
virtual report

@depends on patch@
expression E1, E2, E3, E4, size;
@@

(
- size = E1 * E2;
+ size = array_size(E1, E2);
|
- size = E1 * E2 * E3;
+ size = array3_size(E1, E2, E3);
|
- size = E1 * E2 + E3;
+ size = struct_size(E1, E2, E3);
)
  ... when != size = E4
      when != size += E4
      when != size -= E4
      when != size *= E4
      when != &size
  \(kmalloc\|krealloc\|kzalloc\|kzalloc_node\|
    vmalloc\|vzalloc\|vzalloc_node\|
    kvmalloc\|kvzalloc\|kvzalloc_node\|
    sock_kmalloc\|
    f2fs_kmalloc\|f2fs_kzalloc\|f2fs_kvmalloc\|f2fs_kvzalloc\|
    devm_kmalloc\|devm_kzalloc\)
  (..., size, ...)

@r depends on !patch@
expression E1, E2, E3, E4, size;
position p;
@@

(
* size = E1 * E2;@p
|
* size = E1 * E2 * E3;@p
|
* size = E1 * E2 + E3;@p
)
  ... when != size = E4
      when != size += E4
      when != size -= E4
      when != size *= E4
      when != &size
* \(kmalloc\|krealloc\|kzalloc\|kzalloc_node\|
    vmalloc\|vzalloc\|vzalloc_node\|
    kvmalloc\|kvzalloc\|kvzalloc_node\|
    sock_kmalloc\|
    f2fs_kmalloc\|f2fs_kzalloc\|f2fs_kvmalloc\|f2fs_kvzalloc\|
    devm_kmalloc\|devm_kzalloc\)
  (..., size, ...)

@script:python depends on report@
p << r.p;
@@

coccilib.report.print_report(p[0], "WARNING: missing overflow check")

@script:python depends on org@
p << r.p;
@@

coccilib.org.print_todo(p[0], "WARNING: missing overflow check")

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ