From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/5127
Path: news.gmane.org!not-for-mail
From: Isaac Dunham <ibid.ag@gmail.com>
Newsgroups: gmane.linux.lib.musl.general
Subject: thoughts on reallocarray, explicit_bzero?
Date: Mon, 19 May 2014 08:31:31 -0700
Message-ID: <20140519153130.GA519@muslin>
Reply-To: musl@lists.openwall.com
NNTP-Posting-Host: plane.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: ger.gmane.org 1400513487 14034 80.91.229.3 (19 May 2014 15:31:27 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Mon, 19 May 2014 15:31:27 +0000 (UTC)
To: musl@lists.openwall.com
Original-X-From: musl-return-5132-gllmg-musl=m.gmane.org@lists.openwall.com Mon May 19 17:31:20 2014
Return-path: <musl-return-5132-gllmg-musl=m.gmane.org@lists.openwall.com>
Envelope-to: gllmg-musl@plane.gmane.org
Original-Received: from mother.openwall.net ([195.42.179.200])
	by plane.gmane.org with smtp (Exim 4.69)
	(envelope-from <musl-return-5132-gllmg-musl=m.gmane.org@lists.openwall.com>)
	id 1WmPX3-0000JL-8D
	for gllmg-musl@plane.gmane.org; Mon, 19 May 2014 17:31:17 +0200
Original-Received: (qmail 14172 invoked by uid 550); 19 May 2014 15:31:16 -0000
Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:musl@lists.openwall.com>
List-Help: <mailto:musl-help@lists.openwall.com>
List-Unsubscribe: <mailto:musl-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:musl-subscribe@lists.openwall.com>
Original-Received: (qmail 14162 invoked from network); 19 May 2014 15:31:15 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=date:from:to:subject:message-id:mime-version:content-type
         :content-disposition:user-agent;
        bh=T/XlOyX2beHqM7wN/5RnET6ZDZFYvyGoOtmGytQVbg4=;
        b=GPwZK3JDv5DvEPNNJ6/p6otMnh2t+ElgAurYve4Bjxs76gKAg6CQaU+us5YsudIgqF
         Aii2crs3I8i+FWk1cJpd4OVDJKUS1JXO+UmibpRmwis9e4xrMYtlsbbdyNCQrUa1cNss
         eFeK8j8JFWkULorCDLmWh1ZFblg7LJ4dG7CNcROHy30KNFjNRjLQTwccgCj+/y/pkAoE
         h/tLBdBUyLsKsKbD8FLP3pFvFrs4BUuPJylKpIDQFMg4+JLIbN4dw5HlU6c8+ZoLbi+d
         4Y9ZCJcK+K8l9O8t8QC7EX4P0UxMonCFk1ZdHEHTpL60JlvpVkzdqBqA8xYPalJtoKsF
         prpQ==
X-Received: by 10.68.216.101 with SMTP id op5mr44172444pbc.148.1400513462773;
        Mon, 19 May 2014 08:31:02 -0700 (PDT)
Content-Disposition: inline
User-Agent: Mutt/1.5.21 (2010-09-15)
Xref: news.gmane.org gmane.linux.lib.musl.general:5127
Archived-At: <http://permalink.gmane.org/gmane.linux.lib.musl.general/5127>

Having read up on the LibreSSL fork of OpenSSL and also recently
backported a nuber of libXfont CVE fixes for integer overflows,
I've seen the risk posed by malloc(n*sizeof(x)) and realloc(ptr,
n*sizeof(x)).
calloc(n, sizeof(x)) can be used in place of malloc(n * sizeof(x)), 
but there's no standard function that does overflow checking for 
realloc(). OpenBSD has provided the extension reallocarray(), which 
provides for bounds checking like calloc() does.

Additionally, there are times when a compiler will optimize away calls
to bzero() on areas that are not used before free(); this can result in
passwords getting left in memory. OpenBSD uses a wrapper function called
explicit_bzero() to keep this from happening, thugh it seems to be possible
to use some ugliness with volatile to stop it.

Should musl provide reallocarray()? 
And what's the best way to ensure that memory gets zeroed out? 

Thanks,
Isaac Dunham