lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <15ea5ace-db96-4839-8376-b885cf32c6d5@kadam.mountain>
Date:   Thu, 3 Aug 2023 16:25:28 +0300
From:   Dan Carpenter <dan.carpenter@...aro.org>
To:     Simon Horman <horms@...nel.org>
Cc:     Ratheesh Kannoth <rkannoth@...vell.com>, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org, sgoutham@...vell.com,
        lcherian@...vell.com, gakula@...vell.com, jerinj@...vell.com,
        hkelam@...vell.com, sbhatta@...vell.com, davem@...emloft.net,
        edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com,
        jhs@...atatu.com, xiyou.wangcong@...il.com, jiri@...nulli.us
Subject: Re: [PATCH v1 net-next 2/4] tc: flower: support for SPI

Done.  :)  That false positive has been bothering me for a while so it's
nice to have it fixed.  I'll test this out for a bit before pushing.

regards,
dan carpenter

diff --git a/check_index_overflow.c b/check_index_overflow.c
index 19ea4354029b..644310ae837c 100644
--- a/check_index_overflow.c
+++ b/check_index_overflow.c
@@ -160,6 +160,43 @@ free:
 	return ret;
 }
 
+static unsigned long __TCA_FLOWER_MAX(void)
+{
+	struct symbol *sym;
+	struct ident *id;
+	sval_t sval;
+
+	id = built_in_ident("__TCA_FLOWER_MAX");
+	sym = lookup_symbol(id, NS_SYMBOL);
+	if (!sym)
+		return 0;
+	if (!get_value(sym->initializer, &sval))
+		return 0;
+	return sval.value;
+}
+
+static bool is_out_of_sync_nla_tb(struct expression *array_expr, struct expression *offset)
+{
+	sval_t sval;
+	char *type;
+
+	if (option_project != PROJ_KERNEL)
+		return false;
+
+	if (!get_value(offset, &sval))
+		return false;
+	type = type_to_str(get_type(array_expr));
+	if (!type)
+		return false;
+	if (strcmp(type, "struct nlattr**") != 0)
+		return false;
+
+	if (sval.uvalue >= __TCA_FLOWER_MAX())
+		return false;
+
+	return true;
+}
+
 static int is_subtract(struct expression *expr)
 {
 	struct expression *tmp;
@@ -286,6 +323,9 @@ static int should_warn(struct expression *expr)
 	if (common_false_positives(array_expr, max))
 		return 0;
 
+	if (is_out_of_sync_nla_tb(array_expr, offset))
+		return 0;
+
 	if (impossibly_high_comparison(offset))
 		return 0;
 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ