From: Isaac Dunham
Newsgroups: gmane.linux.lib.musl.general
Subject: thoughts on reallocarray, explicit_bzero?
Date: Mon, 19 May 2014 08:31:31 -0700
Message-ID: <20140519153130.GA519@muslin>
Reply-To: musl@lists.openwall.com
To: musl@lists.openwall.com

Having read up on the LibreSSL fork of OpenSSL and also recently backported
a number of libXfont CVE fixes for integer overflows, I've seen the risk
posed by malloc(n*sizeof(x)) and realloc(ptr, n*sizeof(x)).
calloc(n, sizeof(x)) can be used in place of malloc(n * sizeof(x)),
but there's no standard function that does overflow checking for realloc().
OpenBSD has provided the extension reallocarray(), which provides for
bounds checking like calloc() does.

Additionally, there are times when a compiler will optimize away calls to
bzero() on areas that are not used before free(); this can result in
passwords getting left in memory. OpenBSD uses a wrapper function called
explicit_bzero() to keep this from happening, though it seems to be possible
to use some ugliness with volatile to stop it.

Should musl provide reallocarray()?
And what's the best way to ensure that memory gets zeroed out?

Thanks,
Isaac Dunham
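
The two concerns raised in this message, sketched in C as an added example (not part of the original message, and not musl or OpenBSD code). The names `checked_reallocarray`, `secure_zero`, `grow_records` and `struct rec` are hypothetical; the zeroing routine uses the volatile approach the message alludes to.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper (not musl or OpenBSD code): realloc() with the same
 * multiplication-overflow check calloc() performs. */
void *checked_reallocarray(void *ptr, size_t nmemb, size_t size)
{
    if (size != 0 && nmemb > SIZE_MAX / size) {
        errno = ENOMEM;       /* nmemb * size would wrap around */
        return NULL;          /* ptr stays valid, as with a failed realloc() */
    }
    return realloc(ptr, nmemb * size);
}

/* Hypothetical helper: zero through a volatile pointer so that compilers
 * in practice keep the stores instead of removing them as dead. */
void secure_zero(void *buf, size_t len)
{
    volatile unsigned char *p = buf;
    while (len--)
        *p++ = 0;
}

struct rec { char name[64]; };   /* constructed sample record type */

/* Resize an array of records; returns 0 on success, -1 on failure. */
int grow_records(struct rec **arr, size_t new_count)
{
    struct rec *tmp = checked_reallocarray(*arr, new_count, sizeof **arr);
    if (tmp == NULL)
        return -1;            /* caller's array is still intact */
    *arr = tmp;
    return 0;
}

int main(void)
{
    struct rec *recs = NULL;
    char secret[32] = "constructed-sample-password";
    printf("grow to 8: %d\n", grow_records(&recs, 8));
    printf("grow to SIZE_MAX/2: %d\n", grow_records(&recs, SIZE_MAX / 2));
    secure_zero(secret, sizeof secret);   /* wipe before the buffer dies */
    free(recs);
    return 0;
}
```

With a plain `realloc(ptr, n * sizeof(x))`, the second call would request a wrapped-around, too-small size and succeed; here it fails and leaves the existing array untouched.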