From: Isaac Dunham <ibid.ag@gmail.com>
To: musl@lists.openwall.com
Subject: thoughts on reallocarray, explicit_bzero?
Date: Mon, 19 May 2014 08:31:31 -0700 [thread overview]
Message-ID: <20140519153130.GA519@muslin> (raw)
Having read up on the LibreSSL fork of OpenSSL and also recently
backported a nuber of libXfont CVE fixes for integer overflows,
I've seen the risk posed by malloc(n*sizeof(x)) and realloc(ptr,
n*sizeof(x)).
calloc(n, sizeof(x)) can be used in place of malloc(n * sizeof(x)),
but there's no standard function that does overflow checking for
realloc(). OpenBSD has provided the extension reallocarray(), which
provides for bounds checking like calloc() does.
Additionally, there are times when a compiler will optimize away calls
to bzero() on areas that are not used before free(); this can result in
passwords getting left in memory. OpenBSD uses a wrapper function called
explicit_bzero() to keep this from happening, thugh it seems to be possible
to use some ugliness with volatile to stop it.
Should musl provide reallocarray()?
And what's the best way to ensure that memory gets zeroed out?
Thanks,
Isaac Dunham
next reply other threads:[~2014-05-19 15:31 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-05-19 15:31 Isaac Dunham [this message]
2014-05-19 15:43 ` Rich Felker
2014-05-19 16:19 ` Daniel Cegiełka
2014-05-20 6:19 ` Rich Felker
2014-05-20 15:50 ` Daniel Cegiełka
2014-05-19 15:44 ` Daniel Cegiełka
2014-05-19 16:16 ` Rich Felker
2014-05-19 16:30 ` Daniel Cegiełka
2014-05-19 16:32 ` Szabolcs Nagy
2015-01-28 22:01 ` Daniel Cegiełka
2015-01-28 22:34 ` Daniel Cegiełka
2015-01-28 22:38 ` Nathan McSween
2015-01-28 22:54 ` Daniel Cegiełka
2015-01-28 23:02 ` Josiah Worcester
2015-01-29 2:19 ` Rich Felker
2015-01-29 4:03 ` Brent Cook
2015-01-29 4:15 ` Rich Felker
2015-01-29 9:30 ` Daniel Cegiełka
2015-01-29 10:04 ` Szabolcs Nagy
2015-01-29 10:31 ` Daniel Cegiełka
2015-01-29 10:54 ` Daniel Cegiełka
2014-05-19 16:25 ` Szabolcs Nagy
2014-05-19 16:45 ` Daniel Cegiełka
2014-05-19 16:58 ` Rich Felker
2014-05-19 16:55 ` Rich Felker
2014-05-19 18:12 ` Szabolcs Nagy
2014-05-19 22:08 ` Andy Lutomirski
2014-05-20 0:41 ` Szabolcs Nagy
2014-06-11 9:59 ` Thorsten Glaser
2014-06-11 12:59 ` Rich Felker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140519153130.GA519@muslin \
--to=ibid.ag@gmail.com \
--cc=musl@lists.openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).