Hi,

On Fri, Oct 08, 2010 at 07:36:00AM +0200, Julia Lawall wrote:
> On Thu, 7 Oct 2010, Kees Cook wrote:
> > I'd like to find all the occurrences of copy_from_user() where the target
> > is a pointer, but the length is not strictly a sizeof() for the pointer's
> > type.
>
> sizeof(N) matches sizeof N via an isomorphism.  You can see what will
> really be matched by typing spatch -parse_cocci foo.cocci

Ah! Yes, I must have confused myself earlier. This works as expected for
me now. :)

> This one it doesn't help with.  I think you will just have to repeat the
> two cases.  Perhaps without the sizeof problem this will be less
> bothersome :)
> [snip]
> You could have done the whole thing in just one rule:
>
> @@
> @@
>
> (
> copy_from_user(with_good_arguments)
> |
> * copy_from_user(...)
> )

Thank you for all the feedback. Yes, as a single rule, this is much easier
to write out the multiple cases. This works exactly how I wanted, so far:

@@
identifier e;
type T;
T *i;
@@

(
copy_from_user(&e, ..., sizeof(e))
|
copy_from_user(e, ..., sizeof(*e))
|
copy_from_user(i, ..., sizeof(T))
|
* copy_from_user(...)
)

Thanks!

-Kees

-- 
Kees Cook
Ubuntu Security Team
_______________________________________________
Cocci mailing list
http://lists.diku.dk/mailman/listinfo/cocci
(Web access from inside DIKUs LAN only)
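
A constructed C input for trying the single-rule semantic patch from the message above; this is an added example, not code from the thread or from the kernel. The struct names, function names and the userspace copy_from_user() stand-in are assumptions, and the comments give the outcome each branch of the rule implies.

```c
/* Constructed test input for the rule above; not kernel code.
 * copy_from_user() here is a userspace stand-in so the file compiles. */
#include <stddef.h>
#include <string.h>

struct req { int op; char name[16]; };      /* hypothetical type */
struct dev { struct req cfg; };             /* hypothetical type */

static unsigned long copy_from_user(void *to, const void *from, unsigned long n)
{
    memcpy(to, from, n);
    return 0;                               /* bytes NOT copied, as in the kernel */
}

/* Branch 1: copy_from_user(&e, ..., sizeof(e)) -- not reported. */
int by_address(const void *ubuf)
{
    struct req r;
    if (copy_from_user(&r, ubuf, sizeof(r)))
        return -1;
    return r.op;
}

/* Branch 2: copy_from_user(e, ..., sizeof(*e)) -- not reported. */
int by_deref(struct req *p, const void *ubuf)
{
    return copy_from_user(p, ubuf, sizeof(*p)) ? -1 : p->op;
}

/* Branch 3: copy_from_user(i, ..., sizeof(T)) with T *i -- not reported. */
int by_type(struct req *p, const void *ubuf)
{
    return copy_from_user(p, ubuf, sizeof(struct req)) ? -1 : p->op;
}

/* Falls through to "* copy_from_user(...)": reported for review.
 * The length is a runtime value, so the bound check is what keeps it safe. */
int by_length(struct req *p, const void *ubuf, size_t len)
{
    if (len > sizeof(p->name))
        return -1;
    return copy_from_user(p->name, ubuf, len) ? -1 : (int)len;
}

/* Also reported: "identifier e" does not match the expression d->cfg. */
int by_member(struct dev *d, const void *ubuf)
{
    return copy_from_user(&d->cfg, ubuf, sizeof(d->cfg)) ? -1 : d->cfg.op;
}
```

Saved as sample.c (a hypothetical file name), it can be checked with spatch -sp_file foo.cocci sample.c; the last function shows that a reported call is a candidate for review, not necessarily a bug.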
