From 78999f9b611e416dfedd23e23568b2e6df76b7d2 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Fri, 10 May 2019 07:42:00 +0200
Subject: [PATCH] shared: add NM_HASH_OBFUSCATE_PTR() macro

We want to log pointer values to indicate the related parties of a
log message. But we should not, because plain pointer values can be
used to defeat ASLR.

Instead, we have nm_hash_obfuscate_ptr() to managle a pointer and give
a distinct (albeit not 100% unique) 64 bit integer for logging.

But for the logging messages to be meaning-full, all related parties
must use the same static-seed.

Add a macro NM_HASH_OBFUSCATE_PTR() that uses a particular seed.
---
 shared/nm-glib-aux/nm-hash-utils.h | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/shared/nm-glib-aux/nm-hash-utils.h b/shared/nm-glib-aux/nm-hash-utils.h
index 3f622f99fb..af115a7c67 100644
--- a/shared/nm-glib-aux/nm-hash-utils.h
+++ b/shared/nm-glib-aux/nm-hash-utils.h
@@ -291,7 +291,7 @@ gboolean nm_pstr_equal (gconstpointer a, gconstpointer b);
 
 /*****************************************************************************/
 
-#define NM_HASH_OBFUSCATE_PTR_FMT "%016llx"
+#define NM_HASH_OBFUSCATE_PTR_FMT "%016" G_GINT64_MODIFIER "x"
 
 /* sometimes we want to log a pointer directly, for providing context/information about
  * the message that get logged. Logging pointer values directly defeats ASLR, so we should
@@ -307,9 +307,19 @@ gboolean nm_pstr_equal (gconstpointer a, gconstpointer b);
 		\
 		nm_hash_init (&_h, (static_seed)); \
 		nm_hash_update_val (&_h, _val_obf_ptr); \
-		(unsigned long long) nm_hash_complete_u64 (&_h); \
+		nm_hash_complete_u64 (&_h); \
 	})
 
+/* if you want to log obfuscated pointer for a certain context (like, NMPRuleManager
+ * logging user-tags), then you are advised to use nm_hash_obfuscate_ptr() with your
+ * own, unique static-seed.
+ *
+ * However, for example the singleton constructors log the obfuscated pointer values
+ * for all singletons, so they must all be obfuscated with the same seed. So, this
+ * macro uses a particular static seed that should be used by when comparing pointer
+ * values in a global context. */
+#define NM_HASH_OBFUSCATE_PTR(ptr) (nm_hash_obfuscate_ptr (1678382159u, ptr))
+
 /*****************************************************************************/
 
 #endif /* __NM_HASH_UTILS_H__ */