Todo
====
- Fix all TODO markers
- Move is_in_interval to kernellib.py
- Use dict instead of list for genpatches

Clean code
==========
- Add more logging messages
- Use more telling variables
- Rework Descriptions
- Remove unused code/find better ways

Documentation
=============
- Implement DTD
- Function documentation / manpages

Future
======
- Implement webserver for kernel-check

Interval documentation
======================
name: String, the name of the vulnerable release. This can either be "linux" to
specify that the upstream release was vulnerable, "genpatches" (or abbreviated "gp"),
or a specific ebuild name such as "hppa-sources" (or abbreviated "hppa").
lower: String, the lower boundary.
upper: String, the upper boundary.
lower_inclusive: Boolean, whether or not the lower boundary is inclusive.
upper_inclusive: Boolean, whether or not the upper boundary is inclusive.
expand: Boolean, defines whether the entry is shadowing less specific entries of the same version range:
linux is less specific than genpatches, which is less specific than the name.

Example:
    (1) [linux >= 2.6.18 < 2.6.24.3] [gp+ > 2.6.16-1 < 2.6.23-8]
        (expand=True)
    (2) [linux >= 2.6.18 < 2.6.24.3] [gp < 2.6.23-8]
        (expand=False)

In (1), a vulnerability seemingly has been backported to genpatches-2.6.16-1
and was fixed in 2.6.23-8. A genpatched kernel 2.6.17 is vulnerable. In (2),
a patch fixing the vulnerability has been backported to the genpatches.
Kernels 2.6.17 and earlier are not affected.

    def is_in_interval(self, version):
        """ Returns True if the given version is inside our specified interval, False otherwise.
        Note: 'name' is discarded in the comparison. """
        if version is None:
            return True
        if self.lower:  # We actually have a lower boundary set
            result = portage_versions.vercmp(version, self.lower)
            if result is None:
                raise BugError("Could not compare %s and %s in %s" % (self.lower, version, str(self)))
            # We check the lower boundary. Two things will lead to False:
            # (1) The result is "equal" and the lower boundary is not inclusive
            #     aka: version = 2.6.24 on "> 2.6.24"
            # (2) The result is "lower":
            #     aka: version = 2.6.18 on ">= 2.6.24"
            if result == 0 and not self.lower_inclusive:
                return False
            if result == 0 and self.lower_inclusive:
                return True
            if result < 0:
                return False
        if self.upper:  # We actually have an upper boundary set
            result = portage_versions.vercmp(version, self.upper)
            if result is None:
                raise BugError("Could not compare %s and %s in %s" % (self.upper, version, str(self)))
            # We check the upper boundary. Two things will lead to False:
            # (1) The result is "equal" and the upper boundary is not inclusive
            #     aka: version = 2.6.24 on "< 2.6.24"
            # (2) The result is "higher":
            #     aka: version = 2.6.24 on "<= 2.6.18"
            if result == 0 and not self.upper_inclusive:
                return False
            if result == 0 and self.upper_inclusive:
                return True
            if result > 0:
                return False
        # Seems we're outa luck, we fell into the vulnerable versions
        return True
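
The two cases from the interval example, worked through as an added sketch (not kernel-check's own code). Assumptions: `parse` is a simplified stand-in for `portage_versions.vercmp`, the `Interval` dataclass and `genpatched_is_vulnerable` are hypothetical names, and `expand` is read as "the gp entry alone decides" when True and "the gp entry only narrows the linux entry" when False.

```python
from dataclasses import dataclass
from typing import Optional

def parse(v):
    """'2.6.23-8' -> ((2, 6, 23), 8); the part after '-' is the patchset revision."""
    base, _, rev = v.partition("-")
    return tuple(int(p) for p in base.split(".")), int(rev or 0)

@dataclass
class Interval:
    name: str
    lower: Optional[str] = None
    upper: Optional[str] = None
    lower_inclusive: bool = False
    upper_inclusive: bool = False
    expand: bool = False

    def contains(self, version):
        v = parse(version)
        if self.lower is not None:
            lo = parse(self.lower)
            if v < lo or (v == lo and not self.lower_inclusive):
                return False
        if self.upper is not None:
            up = parse(self.upper)
            if v > up or (v == up and not self.upper_inclusive):
                return False
        return True

def genpatched_is_vulnerable(linux, gp, gp_version):
    """Decide for a genpatched kernel, given the linux and gp entries of one advisory."""
    kernel = gp_version.partition("-")[0]  # upstream base of the genpatches release
    if gp.expand:
        # expand=True: the more specific gp entry shadows the linux entry.
        return gp.contains(gp_version)
    # expand=False: both the upstream range and the gp range must match.
    return linux.contains(kernel) and gp.contains(gp_version)

# Constructed from the example lines (1) and (2) in the interval documentation.
LINUX = Interval("linux", "2.6.18", "2.6.24.3", lower_inclusive=True)
CASE_1 = Interval("gp", "2.6.16-1", "2.6.23-8", expand=True)
CASE_2 = Interval("gp", upper="2.6.23-8", expand=False)

if __name__ == "__main__":
    for v in ("2.6.17-1", "2.6.20-3", "2.6.23-8"):
        print(v, genpatched_is_vulnerable(LINUX, CASE_1, v),
              genpatched_is_vulnerable(LINUX, CASE_2, v))
```

The revision numbers `-1` and `-3` in the sample versions are constructed; only the boundaries come from the example above.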