-
Notifications
You must be signed in to change notification settings - Fork 115
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
config: add separate config for LKMs
Add a separate configuration file for Linux loadable kernel modules (LKMs). Use this one instead of the default configuration when analyzing an LKM and install it to the same location as the default configuration. Limit the checks that are executed to those that make sense in kernel space. Cases where an LKM is analyzed are recognized by checking if a relocatable object file contains the ".modinfo" and ".gnu.linkonce.this_module" sections. Multiple checks, e.g., CWE789, CWE416, and CWE134, require more work to function properly for LKMs. We mainly need to teach the cew_checker about the parameters and semantics of some functions. They are included, but effectively disabled since their configuration is empty. CWE467 actually works since the functions are called the same as in user space and thus Ghidra recognizes their parameters.
- Loading branch information
Valentin Obst
committed
Feb 27, 2024
1 parent
5436969
commit 05ef541
Showing
5 changed files
with
175 additions
and
13 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,131 @@ | ||
{ | ||
"CWE134": { | ||
"_comment": "Functions that take format string arguments.", | ||
"format_string_symbols": [], | ||
"format_string_index": {} | ||
}, | ||
"CWE190": { | ||
"symbols": [] | ||
}, | ||
"CWE215": { | ||
"symbols": [] | ||
}, | ||
"CWE416": { | ||
"_comment": "Functions that invalidate the pointer passed as the first argument.", | ||
"deallocation_symbols": [], | ||
"always_include_full_path_to_free_site": true | ||
}, | ||
"CWE457": { | ||
"symbols": [] | ||
}, | ||
"CWE467": { | ||
"_comment": "Any function that takes something of type `size_t` could be a possible candidate.", | ||
"symbols": [ | ||
"bcmp", | ||
"memchr", | ||
"memcmp", | ||
"memcpy", | ||
"memmove", | ||
"memscan", | ||
"memset", | ||
"memset16", | ||
"memset32", | ||
"memset64", | ||
"strlcat", | ||
"strlcpy", | ||
"strncasecmp", | ||
"strncat", | ||
"strnchr", | ||
"strnchrnul", | ||
"strncmp", | ||
"strncpy", | ||
"strnlen", | ||
"strnstr", | ||
"strscpy" | ||
] | ||
}, | ||
"CWE476": { | ||
"_comment": "Any function that possibly returns a NULL value.", | ||
"parameters": [ | ||
"strict_call_policy=true", | ||
"strict_memory_policy=false", | ||
"max_steps=100" | ||
], | ||
"symbols": [ | ||
"__kmalloc", | ||
"__kmalloc_node", | ||
"__kmalloc_node_track_caller", | ||
"__vcalloc", | ||
"kmalloc_large_node", | ||
"kmalloc_node_trace", | ||
"kmalloc_order", | ||
"kmalloc_order_trace", | ||
"kmalloc_trace", | ||
"kmem_cache_alloc_node", | ||
"kmem_cache_alloc_trace", | ||
"kmemdup", | ||
"kmemdup_nul", | ||
"krealloc", | ||
"kstrdup", | ||
"kstrdup_const", | ||
"kstrndup", | ||
"kvmalloc_node", | ||
"kvmemdup", | ||
"kvrealloc", | ||
"memdup_user_nul", | ||
"strndup_user", | ||
"vcalloc", | ||
"vmalloc_array", | ||
"vmemdup_user" | ||
] | ||
}, | ||
"CWE676": { | ||
"_comment": "https://github.com/01org/safestringlib/wiki/SDL-List-of-Banned-Functions", | ||
"symbols": [ | ||
"memcmp", | ||
"memcpy", | ||
"memmove", | ||
"memset", | ||
"strcat", | ||
"strcpy", | ||
"strlen", | ||
"strncat", | ||
"strncpy" | ||
] | ||
}, | ||
"CWE789": { | ||
"_comment": "Allocation functions that accept a size argument.", | ||
"stack_threshold": 7500, | ||
"heap_threshold": 1000000, | ||
"symbols": [] | ||
}, | ||
"Memory": { | ||
"allocation_symbols": [ | ||
"__kmalloc", | ||
"__kmalloc_node", | ||
"__kmalloc_node_track_caller", | ||
"__vcalloc", | ||
"kmalloc_large_node", | ||
"kmalloc_node_trace", | ||
"kmalloc_order", | ||
"kmalloc_order_trace", | ||
"kmalloc_trace", | ||
"kmem_cache_alloc_node", | ||
"kmem_cache_alloc_trace", | ||
"kmemdup", | ||
"kmemdup_nul", | ||
"krealloc", | ||
"kstrdup", | ||
"kstrdup_const", | ||
"kstrndup", | ||
"kvmalloc_node", | ||
"kvmemdup", | ||
"kvrealloc", | ||
"memdup_user_nul", | ||
"strndup_user", | ||
"vcalloc", | ||
"vmalloc_array", | ||
"vmemdup_user" | ||
] | ||
} | ||
} |