| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <6ee33330-134c-4bdd-a5eb-e8ff0db6cc8b@moroto.mountain> Date: Tue, 16 Jan 2024 10:03:20 +0300 From: Dan Carpenter <dan.carpenter@...aro.org> To: Jacob Keller <jacob.e.keller@...el.com> Cc: Julia Lawall <Julia.Lawall@...6.fr>, Kees Cook <keescook@...omium.org>, "Gustavo A . R . Silva" <gustavoars@...nel.org>, cocci@...teme.lip6.fr, linux-kernel@...r.kernel.org, Harshit Mogalapalli <harshit.m.mogalapalli@...il.com> Subject: Re: [PATCH] coccinelle: semantic patch to check for potential struct_size calls What happened to this patch? These sorts of patches go through Kees? Also it would be nice if it could handle char arrays. It doesn't warn for the kmalloc in dg_dispatch_as_host(): drivers/misc/vmw_vmci/vmci_datagram.c 227 dg_info = kmalloc(sizeof(*dg_info) + 228 (size_t) dg->payload_size, GFP_ATOMIC); The Cocci check is looking specifically for: sizeof(*dg_info) + (sizeof(*dg_info->msg_payload) * dg->payload_size) But since this flex array is u8 there is no multiply. I don't know how are it is to add support for char arrays... Also another common way to write the multiply is: sizeof(*dg_info) + (sizeof(dg_info->msg_payload[0]) * dg->payload_size) That should be pretty straight forward to add. regards, dan carpenter
Powered by blists - more mailing lists