Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAGXu5jL7yxWQ=0uG6SwDnXAxFytkso1kDKGAGN81FBnyd2qSXg@mail.gmail.com>
Date: Mon, 27 Feb 2017 13:18:14 -0800
From: Kees Cook <keescook@...omium.org>
To: Joe Perches <joe@...ches.com>
Cc: Andrew Morton <akpm@...ux-foundation.org>, Andy Whitcroft <apw@...onical.com>, 
	"Roberts, William C" <william.c.roberts@...el.com>, 
	"kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>, LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] checkpatch: Add ability to find bad
 uses of vsprintf %p<foo> extensions

On Mon, Feb 27, 2017 at 12:54 PM, Joe Perches <joe@...ches.com> wrote:
> %pK was at least once misused at %pk in an out-of-tree module.
> This lead to some security concerns.  Add the ability to track
> single and multiple line statements for misuses of %p<foo>.
>
> Signed-off-by: Joe Perches <joe@...ches.com>

Acked-by: Kees Cook <keescook@...omium.org>

-Kees

> ---
>
> Andrew, this has gone back and forth a few times.
>
> It's imperfect as a patch context with just a single
> function addition can be missed, but that's not new
> with $stat tests and just this patch.  Perhaps one day
> the $stat identification mechanism can be improved.
>
> Until then, can you please apply this?  Thanks.
>
>  scripts/checkpatch.pl | 26 ++++++++++++++++++++++++++
>  1 file changed, 26 insertions(+)
>
> diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
> index ad5ea5c545b2..9293b8a1c121 100755
> --- a/scripts/checkpatch.pl
> +++ b/scripts/checkpatch.pl
> @@ -5676,6 +5676,32 @@ sub process {
>                         }
>                 }
>
> +               # check for vsprintf extension %p<foo> misuses
> +               if ($^V && $^V ge 5.10.0 &&
> +                   defined $stat &&
> +                   $stat =~ /^\+(?![^\{]*\{\s*).*\b(\w+)\s*\(.*$String\s*,/s &&
> +                   $1 !~ /^_*volatile_*$/) {
> +                       my $bad_extension = "";
> +                       my $lc = $stat =~ tr@\n@@;
> +                       $lc = $lc + $linenr;
> +                       for (my $count = $linenr; $count <= $lc; $count++) {
> +                               my $fmt = get_quoted_string($lines[$count - 1], raw_line($count, 0));
> +                               $fmt =~ s/%%//g;
> +                               if ($fmt =~ /(\%[\*\d\.]*p(?![\WFfSsBKRraEhMmIiUDdgVCbGN]).)/) {
> +                                       $bad_extension = $1;
> +                                       last;
> +                               }
> +                       }
> +                       if ($bad_extension ne "") {
> +                               my $stat_real = raw_line($linenr, 0);
> +                               for (my $count = $linenr + 1; $count <= $lc; $count++) {
> +                                       $stat_real = $stat_real . "\n" . raw_line($count, 0);
> +                               }
> +                               WARN("VSPRINTF_POINTER_EXTENSION",
> +                                    "Invalid vsprintf pointer extension '$bad_extension'\n" . "$here\n$stat_real\n");
> +                       }
> +               }
> +
>  # Check for misused memsets
>                 if ($^V && $^V ge 5.10.0 &&
>                     defined $stat &&
> --
> 2.10.0.rc2.1.g053435c
>



-- 
Kees Cook
Pixel Security

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.