lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 17 Jan 2024 21:54:19 +0000
From: "Keller, Jacob E" <jacob.e.keller@...el.com>
To: Dan Carpenter <dan.carpenter@...aro.org>
CC: Julia Lawall <Julia.Lawall@...6.fr>, Kees Cook <keescook@...omium.org>,
	"Gustavo A . R . Silva" <gustavoars@...nel.org>, "cocci@...teme.lip6.fr"
	<cocci@...teme.lip6.fr>, "linux-kernel@...r.kernel.org"
	<linux-kernel@...r.kernel.org>, Harshit Mogalapalli
	<harshit.m.mogalapalli@...il.com>
Subject: RE: [PATCH] coccinelle: semantic patch to check for potential
 struct_size calls



> -----Original Message-----
> From: Dan Carpenter <dan.carpenter@...aro.org>
> Sent: Monday, January 15, 2024 11:03 PM
> To: Keller, Jacob E <jacob.e.keller@...el.com>
> Cc: Julia Lawall <Julia.Lawall@...6.fr>; Kees Cook <keescook@...omium.org>;
> Gustavo A . R . Silva <gustavoars@...nel.org>; cocci@...teme.lip6.fr; linux-
> kernel@...r.kernel.org; Harshit Mogalapalli <harshit.m.mogalapalli@...il.com>
> Subject: Re: [PATCH] coccinelle: semantic patch to check for potential struct_size
> calls
> 
> What happened to this patch?  These sorts of patches go through Kees?
> 

No one replied and I got side tracked by other projects.

> Also it would be nice if it could handle char arrays.  It doesn't warn
> for the kmalloc in dg_dispatch_as_host():
> 
Yea it would be nice to handle this too.

> drivers/misc/vmw_vmci/vmci_datagram.c
>    227                          dg_info = kmalloc(sizeof(*dg_info) +
>    228                                      (size_t) dg->payload_size, GFP_ATOMIC);
> 
> The Cocci check is looking specifically for:
> 
> 	sizeof(*dg_info) + (sizeof(*dg_info->msg_payload) * dg->payload_size)
> 

I think that's a slightly different formulation.

> But since this flex array is u8 there is no multiply.  I don't know how
> are it is to add support for char arrays...
> 

A separate rule would work.

> Also another common way to write the multiply is:
> 
> 	sizeof(*dg_info) + (sizeof(dg_info->msg_payload[0]) * dg->payload_size)
> 
> That should be pretty straight forward to add.
> 
> regards,
> dan carpenter
> 

Mostly I just lost track of this because I struggled to get traction in the right lists and trees.

Thanks,
Jake

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ