| Message ID | 1486783428.2192.44.camel@perches.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
> -----Original Message----- > From: Joe Perches [mailto:joe@perches.com] > Sent: Friday, February 10, 2017 7:24 PM > To: Roberts, William C <william.c.roberts@intel.com>; linux- > kernel@vger.kernel.org; apw@canonical.com > Cc: kernel-hardening@lists.openwall.com > Subject: Re: [PATCH] checkpatch: add warning on %pk instead of %pK usage > > On Sat, 2017-02-11 at 01:32 +0000, Roberts, William C wrote: > > <snip> > > > > By "normal" I'm referring to things that call into pointer(), just > > > > casually looking I see bstr_printf vsnprintf kvasprintf, which > > > > would be easy enough to add > > > > > > > > > What do you think is missing? sn?printf ? That's easy to add. > > > > > > > > The problem starts to get hairy when we think of how often folks > > > > roll their own logging macros (see some small sampling at the end). > > > > > > > > I think we would want to add DEBUG DBG and sn?printf and maybe > > > > consider dropping the \b on the regex so it's a bit more matchy > > > > but still shouldn't end up matching on any ASM as you pointed out in the V2 > nack. > > > > > > > > Ill break this down into: > > > > 1. the patch as I know you'll take it, as you wrote it :-P 2. > > > > Adding to the logging macros 3. exploring making it less matchy > > > > -Kees and Andrew they likely don't care about the rest of this... > > > > I have been working up a regex (I suck at these) to match C functions > > that have an invalid %p format string and take arguments: > > http://www.regexr.com/3f92k > > > > This could be a way to get better coverage in a more generic approach, > thoughts? > > Maybe this: (attached too because Evolution is a bad email client) > > It's still kind of hacky, but it does find multiple line statements like: > > + printf(KERN_INFO > + "a %pX", > + foo); > I downloaded your checkpatch.pl patch wouldn't apply for some reason... I applied it by hand and couldn't get it to trigger on either the case you show above or below: + MY_DEBUG(drv->foo, + "%pk", + foo->boo); + > --- > Subject: [PATCH] checkpatch: Add ability to find bad uses of vsprintf %p > extensions > > %pK was at least once misused at %pk in an out-of-tree module. > This lead to some security concerns. Add the ability to track single and multiple > line statements for misuses of %p. > > Signed-off-by: Joe Perches > --- > scripts/checkpatch.pl | 26 ++++++++++++++++++++++++++ > 1 file changed, 26 insertions(+) > > diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl index > ad5ea5c545b2..0eaf6b8580d6 100755 > --- a/scripts/checkpatch.pl > +++ b/scripts/checkpatch.pl > @@ -5676,6 +5676,32 @@ sub process { > } > } > > + # check for vsprintf extension %p misuses > + if ($^V && $^V ge 5.10.0 && > + defined $stat && > + $stat =~ /^\+(?![^\{]*\{\s*).*\b(\w+)\s*\(.*$String\s*,/s && > + $1 !~ /^_*volatile_*$/) { > + my $bad_extension = ""; > + my $lc = $stat =~ tr@\n@@; > + $lc = $lc + $linenr; > + for (my $count = $linenr; $count <= $lc; $count++) { > + my $fmt = get_quoted_string($lines[$count - 1], > raw_line($count, 0)); > + $fmt =~ s/%%//g; > + if ($fmt =~ > /(\%[\*\d\.]*p(?![\WFfSsBKRraEhMmIiUDdgVCbGN]).)/) { > + $bad_extension = $1; > + last; > + } > + } > + if ($bad_extension ne "") { > + my $stat_real = raw_line($linenr, 0); > + for (my $count = $linenr + 1; $count <= $lc; > $count++) { > + $stat_real = $stat_real . "\n" . > raw_line($count, 0); > + } > + WARN("VSPRINTF_POINTER_EXTENSION", > + "Invalid vsprintf pointer extension > '$bad_extension'\n" . "$here\n$stat_real\n"); > + } > + } > + > # Check for misused memsets > if ($^V && $^V ge 5.10.0 && > defined $stat && > -- Mixed tabs/spaces issues. But I like the concept of matching across multiple lines. My tree was set to: commit 7089db84e356562f8ba737c29e472cc42d530dbc Author: Linus Torvalds <torvalds@linux-foundation.org> Date: Sun Feb 12 13:03:20 2017 -0800 Linux 4.10-rc8 $ git apply --check ~/Downloads/0001-checkpatch-Add-ability-to-find-bad-uses-of-vsprintf-.patch error: patch failed: scripts/checkpatch.pl:5676 error: scripts/checkpatch.pl: patch does not apply
From 3bd6868711efeb587c5c48e060c415a150fccaca Mon Sep 17 00:00:00 2001 Message-Id: <3bd6868711efeb587c5c48e060c415a150fccaca.1486783224.git.joe@perches.com> From: Joe Perches <joe@perches.com> Date: Fri, 10 Feb 2017 19:17:42 -0800 Subject: [PATCH] checkpatch: Add ability to find bad uses of vsprintf %p<foo> extensions %pK was at least once misused at %pk in an out-of-tree module. This lead to some security concerns. Add the ability to track single and multiple line statements for misuses of %p<foo>. Signed-off-by: Joe Perches <joe@perches.com> --- scripts/checkpatch.pl | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl index ad5ea5c545b2..0eaf6b8580d6 100755 --- a/scripts/checkpatch.pl +++ b/scripts/checkpatch.pl @@ -5676,7 +5676,32 @@ sub process { } } + # check for vsprintf extension %p<foo> misuses + if ($^V && $^V ge 5.10.0 && + defined $stat && + $stat =~ /^\+(?![^\{]*\{\s*).*\b(\w+)\s*\(.*$String\s*,/s && + $1 !~ /^_*volatile_*$/) { + my $bad_extension = ""; + my $lc = $stat =~ tr@\n@@; + $lc = $lc + $linenr; + for (my $count = $linenr; $count <= $lc; $count++) { + my $fmt = get_quoted_string($lines[$count - 1], raw_line($count, 0)); + $fmt =~ s/%%//g; + if ($fmt =~ /(\%[\*\d\.]*p(?![\WFfSsBKRraEhMmIiUDdgVCbGN]).)/) { + $bad_extension = $1; + last; + } + } + if ($bad_extension ne "") { + my $stat_real = raw_line($linenr, 0); + for (my $count = $linenr + 1; $count <= $lc; $count++) { + $stat_real = $stat_real . "\n" . raw_line($count, 0); + } + WARN("VSPRINTF_POINTER_EXTENSION", + "Invalid vsprintf pointer extension '$bad_extension'\n" . "$here\n$stat_real\n"); + } + } + # Check for misused memsets if ($^V && $^V ge 5.10.0 && defined $stat && -- 2.10.0.rc2.1.g053435c