From 87e37588563da905a8506b8922cfba1d71382a64 Mon Sep 17 00:00:00 2001 From: "Tobin C. Harding" Date: Thu, 7 Dec 2017 12:33:21 +1100 Subject: [PATCH] leaking_addresses: add range check for vsyscall memory Currently script checks only first and last address in the vsyscall memory range. We can do better than this. When checking for false positives against $match, we can convert $match to a hexadecimal value then check if it lies within the range of vsyscall addresses. Check whole range of vsyscall addresses when checking for false positive. Signed-off-by: Tobin C. Harding --- scripts/leaking_addresses.pl | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/scripts/leaking_addresses.pl b/scripts/leaking_addresses.pl index 31cf54a..398e534 100755 --- a/scripts/leaking_addresses.pl +++ b/scripts/leaking_addresses.pl @@ -19,6 +19,7 @@ use Cwd 'abs_path'; use Term::ANSIColor qw(:constants); use Getopt::Long qw(:config no_auto_abbrev); use Config; +use bigint qw/hex/; my $P = $0; my $V = '0.01'; @@ -195,17 +196,24 @@ sub is_false_positive return 1; } - if (is_x86_64()) { - # vsyscall memory region, we should probably check against a range here. - if ($match =~ '\bf{10}600000\b' or - $match =~ '\bf{10}601000\b') { - return 1; - } + if (is_x86_64() and is_in_vsyscall_memory_region($match)) { + return 1; } return 0; } +sub is_in_vsyscall_memory_region +{ + my ($match) = @_; + + my $hex = hex($match); + my $region_min = hex("0xffffffffff600000"); + my $region_max = hex("0xffffffffff601000"); + + return ($hex >= $region_min and $hex <= $region_max); +} + # True if argument potentially contains a kernel address. sub may_leak_address { -- 2.7.4