[PATCH v2 07/20] randstruct: Whitelist big_key path struct overloading
From: Kees Cook
Date: Fri May 26 2017 - 21:50:15 EST
The big_key payload structure intentionally stores a struct path in
two void pointers to avoid header soup. Whitelist this case:
security/keys/big_key.c: In function âbig_key_readâ:
security/keys/big_key.c:293:16: note: found mismatched rhs struct pointer types: âstruct pathâ and âvoid *â
struct path *path = (struct path *)&key->payload.data[big_key_path];
^~~~
Cc: David Howells <dhowells@xxxxxxxxxx>
Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
---
scripts/gcc-plugins/randomize_layout_plugin.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/scripts/gcc-plugins/randomize_layout_plugin.c b/scripts/gcc-plugins/randomize_layout_plugin.c
index bf110915a5aa..5f4e59a78eeb 100644
--- a/scripts/gcc-plugins/randomize_layout_plugin.c
+++ b/scripts/gcc-plugins/randomize_layout_plugin.c
@@ -45,6 +45,8 @@ struct whitelist_entry {
static const struct whitelist_entry whitelist[] = {
/* unix_skb_parms via UNIXCB() buffer */
{ "net/unix/af_unix.c", "unix_skb_parms", "char" },
+ /* big_key payload.data struct splashing */
+ { "security/keys/big_key.c", "path", "void *" },
/* walk struct security_hook_heads as an array of struct list_head */
{ "security/security.c", "list_head", "security_hook_heads" },
{ }
--
2.7.4