mbed TLS upgraded to 2.6.0

Fork of mbedtls by Mark Radbourne

Committer: Jasper Wallace
Date: Fri Sep 29 18:41:59 2017 +0100
Revision: 1:9ebc941037d5
Update to mbedtls 2.4.2, security fixes

Changes to mbedtls sources made:

in include/mbedtls/config.h comment out:

#define MBEDTLS_FS_IO
#define MBEDTLS_NET_C
#define MBEDTLS_TIMING_C

uncomment:

#define MBEDTLS_NO_PLATFORM_ENTROPY

Who changed what in which revision?

All 70 lines below were last changed by Jasper Wallace in revision 1:9ebc941037d5.

```perl
#!/usr/bin/perl

# Check for malloc calls not shortly followed by initialisation.
#
# Known limitations:
# - false negative: can't see allocations spanning more than one line
# - possible false negatives, see patterns
# - false positive: malloc-malloc-init-init is not accepted
# - false positives: "non-standard" init functions (eg, the things being
#   initialised is not the first arg, or initialise struct members)
#
# Since false positives are expected, the results must be manually reviewed.
#
# Typical usage: scripts/malloc-init.pl library/*.c

use warnings;
use strict;

use utf8;
use open qw(:std utf8);

my $limit = 7;
my $inits = qr/memset|memcpy|_init|fread|base64_..code/;

# cases to bear in mind:
#
# 0. foo = malloc(...); memset( foo, ... );
# 1. *foo = malloc(...); memset( *foo, ... );
# 2. type *foo = malloc(...); memset( foo, ...);
# 3. foo = malloc(...); foo_init( (type *) foo );
# 4. foo = malloc(...); for(i=0..n) { init( &foo[i] ); }
#
# The chosen patterns are a bit relaxed, but unlikely to cause false positives
# in real code (initialising *foo or &foo instead of foo will likely be caught
# by functional tests).
#
my $id = qr/([a-zA-Z-0-9_\->\.]*)/;
my $prefix = qr/\s(?:\*?|\&?|\([a-z_]* \*\))\s*/;

my $name;
my $line;
my @bad;

die "Usage: $0 file.c [...]\n" unless @ARGV;

while (my $file = shift @ARGV)
{
    open my $fh, "<", $file or die "read $file failed: $!\n";
    while (<$fh>)
    {
        if( /mbedtls_malloc\(/ ) {
            if( /$id\s*=.*mbedtls_malloc\(/ ) {
                push @bad, "$file:$line:$name" if $name;
                $name = $1;
                $line = $.;
            } else {
                push @bad, "$file:$.:???" unless /return mbedtls_malloc/;
            }
        } elsif( $name && /(?:$inits)\($prefix\Q$name\E\b/ ) {
            undef $name;
        } elsif( $name && $. - $line > $limit ) {
            push @bad, "$file:$line:$name";
            undef $name;
            undef $line;
        }
    }
    close $fh or die;
}

print "$_\n" for @bad;
```
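To see how the heuristic behaves on concrete input, the following is an added Python port of the script's matching rules, run over constructed C lines; it is not part of the repository. The function name `scan`, the file name `sample.c` and every sample line are assumptions made for the illustration.

```python
import re

LIMIT = 7                                    # the script's $limit
INITS = r"memset|memcpy|_init|fread|base64_..code"
ID = r"([a-zA-Z0-9_\->.]*)"                  # same character set as $id
PREFIX = r"\s(?:\*?|&?|\([a-z_]* \*\))\s*"   # optional '*', '&' or "(type *)" cast


def scan(source, fname="sample.c"):
    """Return 'file:line:name' for allocations with no init call in range."""
    bad, name, line = [], None, None
    for n, text in enumerate(source.splitlines(), 1):
        if "mbedtls_malloc(" in text:
            m = re.search(ID + r"\s*=.*mbedtls_malloc\(", text)
            if m:
                if name:                     # previous allocation still pending
                    bad.append(f"{fname}:{line}:{name}")
                name, line = m.group(1), n
            elif "return mbedtls_malloc" not in text:
                bad.append(f"{fname}:{n}:???")   # result not assigned to a name
        elif name and re.search(
                rf"(?:{INITS})\({PREFIX}{re.escape(name)}\b", text):
            name = None                      # recognised init call on the pointer
        elif name and n - line > LIMIT:
            bad.append(f"{fname}:{line}:{name}")
            name = line = None
    return bad


# Constructed C lines, not taken from mbed TLS.
SAMPLE = "\n".join([
    "unsigned char *buf = mbedtls_malloc( len );",    # case 2: accepted
    "memset( buf, 0, len );",
    "ctx->key = mbedtls_malloc( sizeof( key_t ) );",  # case 3: accepted
    "key_init( (key_t *) ctx->key );",
    "a = mbedtls_malloc( n );",      # malloc-malloc-init-init: 'a' is reported
    "b = mbedtls_malloc( n );",
    "memset( a, 0, n );",
    "memset( b, 0, n );",
    "p = mbedtls_malloc( n );",      # no init call within LIMIT lines
] + ["send( p, n );"] * 8)

if __name__ == "__main__":
    print("\n".join(scan(SAMPLE)))
```

The first finding is the malloc-malloc-init-init false positive listed in the script's header; the second is an allocation with no recognised init call inside the 7-line window.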