Re: [Cocci] [PATCH] coccicheck: add a test for repeat copy_from_user
From: Kees Cook
Date: Mon Jan 09 2017 - 17:02:25 EST
On Mon, Jan 9, 2017 at 12:56 PM, Kees Cook <keescook@xxxxxxxxxxxx> wrote:
> On Mon, Jan 9, 2017 at 11:08 AM, Julia Lawall <julia.lawall@xxxxxxx> wrote:
>>
>> On Mon, 9 Jan 2017, Vaishali Thakkar wrote:
>>
>>> Here, may be we should add few more lines from Pengfei's
>>> script to avoid th potential FPs.
>>
>> Which lines (I don't have it handy)?
>
> I'm going to compare
> https://github.com/wpengfei/double_fetch_cocci/blob/master/pattern_match_linux.cocci
> to my original one, add your improvements and see what I get...
Okay, I finally had time to look at this. Pengfei added two other
logical cases that should be checked for, IIUC:
1) destination alias checking (with assignment either before or after
the first copy_from_user):
struct thing object;
struct thing *pointer = &object;
copy_from_user(..., &object);
...
copy_from_user(..., pointer);
2) field writes (via . or ->, instead of short writes):
struct thing object;
copy_from_user(..., &object.field);
...
copy_from_user(..., &object);
It'd probably better to convert Pengfei's into being able to run under
the coccicheck target.
-Kees
--
Kees Cook
Nexus Security