From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/11834
Path: news.gmane.org!.POSTED!not-for-mail
From: Pascal Cuoq <cuoq@trust-in-soft.com>
Newsgroups: gmane.linux.lib.musl.general
Subject: Re: musl's putenv makes assumptions about memcmp
Date: Mon, 21 Aug 2017 12:38:14 +0000
Message-ID: <033E85D4-1611-42A8-95D3-76157D18749B@trust-in-soft.com>
References: <A1F6D5AF-081B-4BE2-A744-577CBBA49E5C@trust-in-soft.com>
 <alpine.LNX.2.20.13.1708211101480.10181@monopod.intra.ispras.ru>
Reply-To: musl@lists.openwall.com
NNTP-Posting-Host: blaine.gmane.org
Mime-Version: 1.0
Content-Type: multipart/alternative;
	boundary="_000_033E85D4161142A895D376157D18749Btrustinsoftcom_"
X-Trace: blaine.gmane.org 1503319092 15818 195.159.176.226 (21 Aug 2017 12:38:12 GMT)
X-Complaints-To: usenet@blaine.gmane.org
NNTP-Posting-Date: Mon, 21 Aug 2017 12:38:12 +0000 (UTC)
To: "musl@lists.openwall.com" <musl@lists.openwall.com>
Original-X-From: musl-return-11847-gllmg-musl=m.gmane.org@lists.openwall.com Mon Aug 21 14:38:08 2017
Return-path: <musl-return-11847-gllmg-musl=m.gmane.org@lists.openwall.com>
Envelope-to: gllmg-musl@m.gmane.org
Original-Received: from mother.openwall.net ([195.42.179.200])
	by blaine.gmane.org with smtp (Exim 4.84_2)
	(envelope-from <musl-return-11847-gllmg-musl=m.gmane.org@lists.openwall.com>)
	id 1djlxy-0003cw-VB
	for gllmg-musl@m.gmane.org; Mon, 21 Aug 2017 14:38:03 +0200
Original-Received: (qmail 16367 invoked by uid 550); 21 Aug 2017 12:38:07 -0000
Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:musl@lists.openwall.com>
List-Help: <mailto:musl-help@lists.openwall.com>
List-Unsubscribe: <mailto:musl-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:musl-subscribe@lists.openwall.com>
List-ID: <musl.lists.openwall.com>
Original-Received: (qmail 16320 invoked from network); 21 Aug 2017 12:38:03 -0000
Thread-Topic: [musl] musl's putenv makes assumptions about memcmp
Thread-Index: AQHTGkFkYybmPa6wqUW7lw79BGENmqKOUbaAgABM2QA=
In-Reply-To: <alpine.LNX.2.20.13.1708211101480.10181@monopod.intra.ispras.ru>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [86.246.63.122]
Xref: news.gmane.org gmane.linux.lib.musl.general:11834
Archived-At: <http://permalink.gmane.org/gmane.linux.lib.musl.general/11834>

--_000_033E85D4161142A895D376157D18749Btrustinsoftcom_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hello Alexander,

Thanks for this pointer. This UB and a similar one in putenv were going to =
be our next report:

unsetenv:
* rewrite; this fixes UB caused by testing a free'd pointer against
  NULL on entry to subsequent loops.

In the version after your patch, we do not detect any undefined behavior wi=
th TIS Interpreter, for the tests we have (libc-testsuite plus one addition=
al test that we wrote to make TIS Interpreter confirm the misuse of memcmp =
in putenv).

Pascal

On 21 Aug 2017, at 10:02, Alexander Monakov <amonakov@ispras.ru<mailto:amon=
akov@ispras.ru>> wrote:

*env functions have multiple issues including other UB and a memory leak.

http://openwall.com/lists/musl/2016/03/13/7

Alexander


--_000_033E85D4161142A895D376157D18749Btrustinsoftcom_
Content-Type: text/html; charset="us-ascii"
Content-ID: <447318DE436CBE4BA3F0B540C5385462@EX1688.lan>
Content-Transfer-Encoding: quoted-printable

<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
</head>
<body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-lin=
e-break: after-white-space;" class=3D"">
Hello Alexander,
<div class=3D""><br class=3D"">
</div>
<div class=3D"">Thanks for this pointer. This UB and a similar one in puten=
v were going to be our next report:</div>
<div class=3D"">
<pre style=3D"background-color: rgb(224, 224, 224); white-space: pre-wrap;"=
 class=3D"">unsetenv:
* rewrite; this fixes UB caused by testing a free'd pointer against
  NULL on entry to subsequent loops.</pre>
</div>
<div class=3D"">In the version after your patch, we do not detect any undef=
ined behavior with TIS Interpreter, for the tests we have (libc-testsuite p=
lus one additional test that we wrote to make TIS Interpreter confirm the m=
isuse of memcmp in putenv).</div>
<div class=3D""><br class=3D"">
</div>
<div class=3D"">Pascal</div>
<div class=3D""><br class=3D"">
<div>
<blockquote type=3D"cite" class=3D"">
<div class=3D"">On 21 Aug 2017, at 10:02, Alexander Monakov &lt;<a href=3D"=
mailto:amonakov@ispras.ru" class=3D"">amonakov@ispras.ru</a>&gt; wrote:</di=
v>
<br class=3D"Apple-interchange-newline">
<div class=3D"">
<div class=3D"">*env functions have multiple issues including other UB and =
a memory leak.<br class=3D"">
<br class=3D"">
<a href=3D"http://openwall.com/lists/musl/2016/03/13/7" class=3D"">http://o=
penwall.com/lists/musl/2016/03/13/7</a><br class=3D"">
<br class=3D"">
Alexander<br class=3D"">
</div>
</div>
</blockquote>
</div>
<br class=3D"">
</div>
</body>
</html>

--_000_033E85D4161142A895D376157D18749Btrustinsoftcom_--