From mboxrd@z Thu Jan 1 00:00:00 1970
From: Andy Caldwell
To: "musl@lists.openwall.com"
Date: Thu, 25 Jan 2024 20:10:30 +0000
References: <20240125070950.28673-1-ismael@iodev.co.uk>
Subject: [musl] RE: [EXTERNAL] Re: [musl] [PATCH] fix avoidable segfault in catclose

> And it has been musl policy to crash on invalid args since the beginning.
The current implementation doesn't (necessarily) crash/trap on an invalid argument, instead it invokes (C-language spec-defined) UB itself (it dereferences `(uint32_t*)((char*)cat + 8)`, which, in the case of the `-1` handle is the address 0x7, which in turn, not being a valid address, is UB to dereference). If you're lucky (or are compiling without optimizations/inlining) the compiler will emit a MOV that will trigger an access violation and hence a SEGV; if you're unlucky the compiler will make wild assumptions about the value of the variable passed as the arg (and for example in your first code snippet, simply delete the `if` statement, meaning `use_cat` gets called even when `catopen` fails, potentially corrupting user data/state). Crashing loudly (which requires _not_ invoking UB) on known bad inputs (a test against `-1` isn't exactly expensive) feels like it meets the "musl policy" better than the current code.

A

-----Original Message-----
From: Markus Wichmann
Sent: Thursday, January 25, 2024 2:12 PM
To: musl@lists.openwall.com
Cc: Rich Felker ; Ismael Luceno
Subject: [EXTERNAL] Re: [musl] [PATCH] fix avoidable segfault in catclose

On Thu, Jan 25, 2024 at 08:09:49AM +0100, Ismael Luceno wrote:
> catclose may be called with an invalid argument, particularly -1 may
> be returned by catopen if there's an error.
>

May it, though? My copy of POSIX does not say so. Whenever a function description does not say that you can call a function with invalid arguments, you cannot do so. And it has been musl policy to crash on invalid args since the beginning.
The problem you describe sounds like your app has control flow being approximately:

    nl_catd cat = catopen(...);
    if (cat != (nl_catd)-1) {
        use_cat(cat);
    }
    catclose(cat);

and that is just wrong control flow and can be remedied by just moving one line:

    nl_catd cat = catopen(...);
    if (cat != (nl_catd)-1) {
        use_cat(cat);
        catclose(cat);
    }

BTW, POSIX does not say catclose() is required (or even allowed) to accept (nl_catd)-1 as argument, its description of the return value of catopen() also says that it is only suitable for use with catclose() when successful.

Ciao,
Markus
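An added example in C, written for this page and not taken from the thread or from musl: it puts the corrected control flow Markus describes (open, check, use, close inside the check) next to the kind of cheap explicit test against `(nl_catd)-1` that Andy argues for, here as a caller-side wrapper rather than a change to the libc. The names `checked_catclose` and `lookup_message` are assumptions for this illustration, and the catalog name is constructed so that `catopen` fails and the fallback path is exercised without touching the invalid handle.

```c
#include <errno.h>
#include <nl_types.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical caller-side wrapper (not musl's catclose): refuse the
 * invalid handle explicitly instead of letting catclose dereference it,
 * which is the undefined behaviour the thread is about. */
int checked_catclose(nl_catd cat)
{
    if (cat == (nl_catd)-1) {
        errno = EBADF;          /* this value never referred to a catalog */
        return -1;
    }
    return catclose(cat);
}

/* The corrected control flow from the thread: only a successfully opened
 * catalog is used and closed. Returns 1 if a catalog was opened, used and
 * closed, 0 if catopen failed (fallback copied to out, nothing closed),
 * -1 if the close failed. */
int lookup_message(const char *catalog, int set_id, int msg_id,
                   const char *fallback, char *out, size_t outlen)
{
    nl_catd cat = catopen(catalog, 0);
    if (cat == (nl_catd)-1) {
        /* No catalog: use the fallback and do NOT call catclose on -1. */
        snprintf(out, outlen, "%s", fallback);
        return 0;
    }
    /* catgets returns a pointer into the catalog mapping, so copy the
     * string out before the mapping is released by catclose. */
    const char *s = catgets(cat, set_id, msg_id, fallback);
    snprintf(out, outlen, "%s", s);
    return checked_catclose(cat) == 0 ? 1 : -1;
}

int main(void)
{
    char buf[64];
    /* Constructed catalog name that does not exist on this system. */
    int rc = lookup_message("example-nonexistent.cat", 1, 1, "hello",
                            buf, sizeof buf);
    printf("lookup_message -> rc=%d text=\"%s\"\n", rc, buf);
    printf("checked_catclose((nl_catd)-1) -> %d (errno=%d)\n",
           checked_catclose((nl_catd)-1), errno);
    return 0;
}
```

The wrapper is the cheap test Andy refers to; the point of `lookup_message` is that with the control flow arranged as Markus suggests the wrapper is never reached with `-1` in the first place.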