From: Jₑₙₛ Gustedt
To: Rich Felker
Cc: musl@lists.openwall.com
Date: Mon, 29 May 2023 21:10:59 +0200
Subject: Re: [musl] changes for scanf in C23
Message-ID: <20230529211059.19111ab9@inria.fr>
In-Reply-To: <20230529155929.GV4163@brightrain.aerifal.cx>
References: <20230529123202.63f09fc2@inria.fr> <20230529155929.GV4163@brightrain.aerifal.cx>

Rich,

on Mon, 29 May 2023 11:59:29 -0400 you (Rich Felker) wrote:

> On Mon, May 29, 2023 at 12:32:02PM +0200, Jₑₙₛ Gustedt wrote:
> > Hi,
> > we already discussed this but it doesn't seem that we have come to a
> > conclusion.
> >
> > The problem is that for C23 the semantics of several string to integer
> > conversion functions change: a 'b' or 'B' that previously was the
> > stop condition for integer parsing may become part of the integer
> > string. This concerns all `scanf` and `strto` derivatives.
> >
> > This is probably not a problem for most applications that parse
> > strings to integers, but it could be in some situations, and in
> > particular it could open vulnerabilities. E.g. network addresses that
> > are read with base `0` (musl does this at some point to allow
> > decimal or hex strings) could be open to attacks, once people
> > start using binary encodings for integers more often. Another
> > scenario where this could lead to harm is automatically produced
> > output that is automatically scanned, and where nobody previously
> > took care of proper word boundaries.
> >
> > My current idea is to have two sets of these functions, one that has
> > the old semantics and one that has the new.
>
> This was rejected already in the first proposal (thread here):
>
> Message-ID: <20230503000045.GU4163@brightrain.aerifal.cx>
> https://www.openwall.com/lists/musl/2023/05/03/1
>
> "There are not going to be different versions of scanf/strto*
> because there's just no way to do that in a conforming way..."

Alright, saves me a lot of trouble. I'll forward all complaints by
users to you ;-)

Jₑₙₛ

-- 
:: ICube :::::::::::::::::::::::::::::: deputy director ::
:: Université de Strasbourg :::::::::::::::::::::: ICPS ::
:: INRIA Nancy Grand Est :::::::::::::::::::::::: Camus ::
:: :::::::::::::::::::::::::::::::::::: ☎ +33 368854536 ::
:: https://icube-icps.unistra.fr/index.php/Jens_Gustedt ::
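The base-0 behaviour change discussed in the quoted message, as an added example that is neither code from this thread nor musl's implementation: a simplified model of `strtol(s, &end, 0)` prefix handling under pre-C23 and C23 rules, beside a strict wrapper that rejects any token whose value would differ between the two. The model, the function names and the sample tokens are constructed for this illustration.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>

/* Simplified model of strtol(s, &end, 0) prefix handling (constructed for
 * this example; not musl's code): no sign, whitespace or overflow handling.
 * With c23 set, "0b"/"0B" followed by a binary digit selects base 2 (C23);
 * otherwise the leading '0' selects octal and the 'b' stops the scan. */
static long model_strtol0(const char *s, const char **end, bool c23)
{
    int base = 10;
    const char *p = s;
    if (p[0] == '0' && (p[1] == 'x' || p[1] == 'X') && isxdigit((unsigned char)p[2])) {
        base = 16; p += 2;
    } else if (c23 && p[0] == '0' && (p[1] == 'b' || p[1] == 'B') && (p[2] == '0' || p[2] == '1')) {
        base = 2; p += 2;
    } else if (p[0] == '0') {
        base = 8;
    }
    long v = 0;
    for (;; p++) {
        int d = isdigit((unsigned char)*p) ? *p - '0'
              : isalpha((unsigned char)*p) ? tolower((unsigned char)*p) - 'a' + 10 : 36;
        if (d >= base) break;  /* non-digit, or digit not valid in this base */
        v = v * base + d;
    }
    if (end) *end = p;
    return v;
}

/* Number of characters the model consumed, i.e. where a caller's endptr lands. */
static size_t model_consumed(const char *s, bool c23)
{
    const char *end;
    model_strtol0(s, &end, c23);
    return (size_t)(end - s);
}

/* Defensive wrapper for a port-like field: refuse a binary prefix outright and
 * require the whole token to be consumed, so the accepted value is identical
 * under both semantics. Returns the value, or -1 when the token is rejected. */
static long parse_port_strict(const char *tok, bool c23)
{
    const char *end;
    if (tok[0] == '0' && (tok[1] == 'b' || tok[1] == 'B')) return -1;
    long v = model_strtol0(tok, &end, c23);
    if (end == tok || *end != '\0') return -1;  /* nothing parsed, or trailing junk */
    return (v >= 0 && v <= 65535) ? v : -1;
}
```

The constructed token "0b11" parses as 0 with three characters left over under the old rules and as 3 with nothing left over under C23; an endptr check alone catches the first case, while the wrapper rejects the token under both.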