leaking_addresses: add range check for vsyscall memory

Currently script checks only first and last address in the vsyscall
memory range. We can do better than this. When checking for false
positives against $match, we can convert $match to a hexadecimal value
then check if it lies within the range of vsyscall addresses.

Check whole range of vsyscall addresses when checking for false
positive.

Signed-off-by: Tobin C. Harding <me@tobin.cc>
This commit is contained in:
Tobin C. Harding 2017-12-07 12:33:21 +11:00
parent 15d60a35b8
commit 87e3758856
1 changed files with 14 additions and 6 deletions

View File

@ -19,6 +19,7 @@ use Cwd 'abs_path';
use Term::ANSIColor qw(:constants); use Term::ANSIColor qw(:constants);
use Getopt::Long qw(:config no_auto_abbrev); use Getopt::Long qw(:config no_auto_abbrev);
use Config; use Config;
use bigint qw/hex/;
my $P = $0; my $P = $0;
my $V = '0.01'; my $V = '0.01';
@ -195,17 +196,24 @@ sub is_false_positive
return 1; return 1;
} }
if (is_x86_64()) { if (is_x86_64() and is_in_vsyscall_memory_region($match)) {
# vsyscall memory region, we should probably check against a range here. return 1;
if ($match =~ '\bf{10}600000\b' or
$match =~ '\bf{10}601000\b') {
return 1;
}
} }
return 0; return 0;
} }
sub is_in_vsyscall_memory_region
{
my ($match) = @_;
my $hex = hex($match);
my $region_min = hex("0xffffffffff600000");
my $region_max = hex("0xffffffffff601000");
return ($hex >= $region_min and $hex <= $region_max);
}
# True if argument potentially contains a kernel address. # True if argument potentially contains a kernel address.
sub may_leak_address sub may_leak_address
{ {