From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/5129 Path: news.gmane.org!not-for-mail From: =?UTF-8?Q?Daniel_Cegie=C5=82ka?= Newsgroups: gmane.linux.lib.musl.general Subject: Re: thoughts on reallocarray, explicit_bzero? Date: Mon, 19 May 2014 17:44:59 +0200 Message-ID: References: <20140519153130.GA519@muslin> Reply-To: musl@lists.openwall.com NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: multipart/mixed; boundary=001a1133d894a00e9004f9c2a6b2 X-Trace: ger.gmane.org 1400514342 30800 80.91.229.3 (19 May 2014 15:45:42 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Mon, 19 May 2014 15:45:42 +0000 (UTC) To: musl@lists.openwall.com Original-X-From: musl-return-5134-gllmg-musl=m.gmane.org@lists.openwall.com Mon May 19 17:45:36 2014 Return-path: Envelope-to: gllmg-musl@plane.gmane.org Original-Received: from mother.openwall.net ([195.42.179.200]) by plane.gmane.org with smtp (Exim 4.69) (envelope-from ) id 1WmPks-0002OU-70 for gllmg-musl@plane.gmane.org; Mon, 19 May 2014 17:45:34 +0200 Original-Received: (qmail 24466 invoked by uid 550); 19 May 2014 15:45:33 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: Original-Received: (qmail 24458 invoked from network); 19 May 2014 15:45:33 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type; bh=X6EPIOEva0BNaxAN8TsUy8Gdbz2kOL+944+GiDTDC+0=; b=sOjDRLAx1u6anSbclkG3iUjR5Ts1QCzRpVm063u5OhdG9oI1uHsd0BFtWAtihqsqIS m6+4sQcHCrwoqV/7XwJizZaXSs+VLhzFqpubYbyflQkaXE+3/QSKCuFKZ4E0ocL847BK o6CyO3zDscaWcYChvv1uAjyK4RhviTGk5xa1jJXNhHvlQHGgEXtCBtXgJerFrfKzAwfl hZby7mVLP2UDq4uhj6tC/LTzvplMyjBt1ZwKIBJXZtWOYgQAbNlDjhOqimSdCUueQ3K7 R4UkUUCE7MKzGYLqLzNHPBQgyWc5182RuIH/nGNoMligg3SasNS3ApPR0561+x2Yet0z /u1A== X-Received: by 10.224.60.137 with SMTP id p9mr47726403qah.92.1400514321296; Mon, 19 May 2014 08:45:21 -0700 (PDT) In-Reply-To: <20140519153130.GA519@muslin> Xref: news.gmane.org gmane.linux.lib.musl.general:5129 Archived-At: --001a1133d894a00e9004f9c2a6b2 Content-Type: text/plain; charset=UTF-8 2014-05-19 17:31 GMT+02:00 Isaac Dunham : > Having read up on the LibreSSL fork of OpenSSL and also recently > backported a nuber of libXfont CVE fixes for integer overflows, > I've seen the risk posed by malloc(n*sizeof(x)) and realloc(ptr, > n*sizeof(x)). > calloc(n, sizeof(x)) can be used in place of malloc(n * sizeof(x)), > but there's no standard function that does overflow checking for > realloc(). OpenBSD has provided the extension reallocarray(), which > provides for bounds checking like calloc() does. > > Additionally, there are times when a compiler will optimize away calls > to bzero() on areas that are not used before free(); this can result in > passwords getting left in memory. OpenBSD uses a wrapper function called > explicit_bzero() to keep this from happening, thugh it seems to be possible > to use some ugliness with volatile to stop it. > > Should musl provide reallocarray()? In my opinion, yes, we should. btw. no bzero()/bcopy() but memset() and memcpy() etc. Daniel > And what's the best way to ensure that memory gets zeroed out? > > Thanks, > Isaac Dunham --001a1133d894a00e9004f9c2a6b2 Content-Type: text/plain; charset=US-ASCII; name="explicit_bzero.diff" Content-Disposition: attachment; filename="explicit_bzero.diff" Content-Transfer-Encoding: base64 X-Attachment-Id: f_hvdy0nxm0 ZGlmZiAtdXJOIG11c2wub3JpZy9pbmNsdWRlL3N0cmluZy5oIG11c2wvaW5jbHVkZS9zdHJpbmcu aAotLS0gbXVzbC5vcmlnL2luY2x1ZGUvc3RyaW5nLmgJRnJpIE1heSAgOSAwOTo0OTozNiAyMDE0 CisrKyBtdXNsL2luY2x1ZGUvc3RyaW5nLmgJRnJpIE1heSAgOSAwOTo1NzoxMCAyMDE0CkBAIC04 Miw2ICs4Miw3IEBACiBjaGFyICpzdHJzZXAoY2hhciAqKiwgY29uc3QgY2hhciAqKTsKIHNpemVf dCBzdHJsY2F0IChjaGFyICosIGNvbnN0IGNoYXIgKiwgc2l6ZV90KTsKIHNpemVfdCBzdHJsY3B5 IChjaGFyICosIGNvbnN0IGNoYXIgKiwgc2l6ZV90KTsKK3ZvaWQgZXhwbGljaXRfYnplcm8odm9p ZCAqYiwgc2l6ZV90IGxlbik7CiAjZW5kaWYKIAogI2lmZGVmIF9HTlVfU09VUkNFCmRpZmYgLXVy TiBtdXNsLm9yaWcvc3JjL3N0cmluZy9leHBsaWNpdF9iemVyby5jIG11c2wvc3JjL3N0cmluZy9l eHBsaWNpdF9iemVyby5jCi0tLSBtdXNsLm9yaWcvc3JjL3N0cmluZy9leHBsaWNpdF9iemVyby5j CVRodSBKYW4gIDEgMDA6MDA6MDAgMTk3MAorKysgbXVzbC9zcmMvc3RyaW5nL2V4cGxpY2l0X2J6 ZXJvLmMJRnJpIE1heSAgOSAwOTo1Nzo0NSAyMDE0CkBAIC0wLDAgKzEsOCBAQAorI2luY2x1ZGUg PHN0cmluZy5oPgorCitzdGF0aWMgdm9pZCAqKCp2b2xhdGlsZSBleHBsaWNpdF9tZW1zZXQpKHZv aWQgKiwgaW50LCBzaXplX3QpID0gbWVtc2V0OworCit2b2lkIGV4cGxpY2l0X2J6ZXJvKHZvaWQg KmIsIHNpemVfdCBsZW4pCit7CisJKCpleHBsaWNpdF9tZW1zZXQpKGIsIDAsIGxlbik7Cit9Cg== --001a1133d894a00e9004f9c2a6b2 Content-Type: text/plain; charset=US-ASCII; name="reallocarray.diff" Content-Disposition: attachment; filename="reallocarray.diff" Content-Transfer-Encoding: base64 X-Attachment-Id: f_hvdy0ugv1 ZGlmZiAtdXJOIG11c2wub3JpZy9pbmNsdWRlL3N0ZGxpYi5oIG11c2wvaW5jbHVkZS9zdGRsaWIu aAotLS0gbXVzbC5vcmlnL2luY2x1ZGUvc3RkbGliLmgJVGh1IE1heSAgOCAwOTowNDowOCAyMDE0 CisrKyBtdXNsL2luY2x1ZGUvc3RkbGliLmgJVGh1IE1heSAgOCAwOToxMTowNiAyMDE0CkBAIC00 NCw2ICs0NCw5IEBACiB2b2lkICpyZWFsbG9jICh2b2lkICosIHNpemVfdCk7CiB2b2lkIGZyZWUg KHZvaWQgKik7CiB2b2lkICphbGlnbmVkX2FsbG9jKHNpemVfdCBhbGlnbm1lbnQsIHNpemVfdCBz aXplKTsKKyNpZmRlZiBfQlNEX1NPVVJDRQordm9pZCAqcmVhbGxvY2FycmF5KHZvaWQgKiwgc2l6 ZV90LCBzaXplX3QpOworI2VuZGlmCiAKIF9Ob3JldHVybiB2b2lkIGFib3J0ICh2b2lkKTsKIGlu dCBhdGV4aXQgKHZvaWQgKCopICh2b2lkKSk7CmRpZmYgLXVyTiBtdXNsLm9yaWcvc3JjL3N0ZGxp Yi9yZWFsbG9jYXJyYXkuYyBtdXNsL3NyYy9zdGRsaWIvcmVhbGxvY2FycmF5LmMKLS0tIG11c2wu b3JpZy9zcmMvc3RkbGliL3JlYWxsb2NhcnJheS5jCVRodSBKYW4gIDEgMDA6MDA6MDAgMTk3MAor KysgbXVzbC9zcmMvc3RkbGliL3JlYWxsb2NhcnJheS5jCVRodSBNYXkgIDggMDk6MDY6MzAgMjAx NApAQCAtMCwwICsxLDE3IEBACisjaW5jbHVkZSA8c3RkbGliLmg+CisjaW5jbHVkZSA8bGltaXRz Lmg+CisjaW5jbHVkZSA8ZXJybm8uaD4KKworLyogdGhpcyBpcyBzcXJ0KFNJWkVfTUFYKzEpLCBh cyBzMSpzMiA8PSBTSVpFX01BWAorICogaWYgYm90aCBzMSA8IE1VTF9OT19PVkVSRkxPVyBhbmQg czIgPCBNVUxfTk9fT1ZFUkZMT1cgKi8KKyNkZWZpbmUgTVVMX05PX09WRVJGTE9XCSgxVUwgPDwg KHNpemVvZihzaXplX3QpICogNCkpCisKK3ZvaWQgKnJlYWxsb2NhcnJheSh2b2lkICpvcHRyLCBz aXplX3Qgbm1lbWIsIHNpemVfdCBzaXplKQoreworCWlmICgobm1lbWIgPj0gTVVMX05PX09WRVJG TE9XIHx8IHNpemUgPj0gTVVMX05PX09WRVJGTE9XKSAmJgorCSAgICBubWVtYiA+IDAgJiYgU1NJ WkVfTUFYIC8gbm1lbWIgPCBzaXplKSB7CisJCWVycm5vID0gRU5PTUVNOworCQlyZXR1cm4gTlVM TDsKKwl9CisJcmV0dXJuIHJlYWxsb2Mob3B0ciwgc2l6ZSAqIG5tZW1iKTsKK30K --001a1133d894a00e9004f9c2a6b2--