From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/5129
Path: news.gmane.org!not-for-mail
From: =?UTF-8?Q?Daniel_Cegie=C5=82ka?= <daniel.cegielka@gmail.com>
Newsgroups: gmane.linux.lib.musl.general
Subject: Re: thoughts on reallocarray, explicit_bzero?
Date: Mon, 19 May 2014 17:44:59 +0200
Message-ID: <CAPLrYESpEg_yvyn0odnnr9=0Fg3Ussg7cHH=om1G_yvb8zsQ8Q@mail.gmail.com>
References: <20140519153130.GA519@muslin>
Reply-To: musl@lists.openwall.com
NNTP-Posting-Host: plane.gmane.org
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary=001a1133d894a00e9004f9c2a6b2
X-Trace: ger.gmane.org 1400514342 30800 80.91.229.3 (19 May 2014 15:45:42 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Mon, 19 May 2014 15:45:42 +0000 (UTC)
To: musl@lists.openwall.com
Original-X-From: musl-return-5134-gllmg-musl=m.gmane.org@lists.openwall.com Mon May 19 17:45:36 2014
Return-path: <musl-return-5134-gllmg-musl=m.gmane.org@lists.openwall.com>
Envelope-to: gllmg-musl@plane.gmane.org
Original-Received: from mother.openwall.net ([195.42.179.200])
	by plane.gmane.org with smtp (Exim 4.69)
	(envelope-from <musl-return-5134-gllmg-musl=m.gmane.org@lists.openwall.com>)
	id 1WmPks-0002OU-70
	for gllmg-musl@plane.gmane.org; Mon, 19 May 2014 17:45:34 +0200
Original-Received: (qmail 24466 invoked by uid 550); 19 May 2014 15:45:33 -0000
Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:musl@lists.openwall.com>
List-Help: <mailto:musl-help@lists.openwall.com>
List-Unsubscribe: <mailto:musl-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:musl-subscribe@lists.openwall.com>
Original-Received: (qmail 24458 invoked from network); 19 May 2014 15:45:33 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :content-type;
        bh=X6EPIOEva0BNaxAN8TsUy8Gdbz2kOL+944+GiDTDC+0=;
        b=sOjDRLAx1u6anSbclkG3iUjR5Ts1QCzRpVm063u5OhdG9oI1uHsd0BFtWAtihqsqIS
         m6+4sQcHCrwoqV/7XwJizZaXSs+VLhzFqpubYbyflQkaXE+3/QSKCuFKZ4E0ocL847BK
         o6CyO3zDscaWcYChvv1uAjyK4RhviTGk5xa1jJXNhHvlQHGgEXtCBtXgJerFrfKzAwfl
         hZby7mVLP2UDq4uhj6tC/LTzvplMyjBt1ZwKIBJXZtWOYgQAbNlDjhOqimSdCUueQ3K7
         R4UkUUCE7MKzGYLqLzNHPBQgyWc5182RuIH/nGNoMligg3SasNS3ApPR0561+x2Yet0z
         /u1A==
X-Received: by 10.224.60.137 with SMTP id p9mr47726403qah.92.1400514321296;
 Mon, 19 May 2014 08:45:21 -0700 (PDT)
In-Reply-To: <20140519153130.GA519@muslin>
Xref: news.gmane.org gmane.linux.lib.musl.general:5129
Archived-At: <http://permalink.gmane.org/gmane.linux.lib.musl.general/5129>

--001a1133d894a00e9004f9c2a6b2
Content-Type: text/plain; charset=UTF-8

2014-05-19 17:31 GMT+02:00 Isaac Dunham <ibid.ag@gmail.com>:
> Having read up on the LibreSSL fork of OpenSSL and also recently
> backported a nuber of libXfont CVE fixes for integer overflows,
> I've seen the risk posed by malloc(n*sizeof(x)) and realloc(ptr,
> n*sizeof(x)).
> calloc(n, sizeof(x)) can be used in place of malloc(n * sizeof(x)),
> but there's no standard function that does overflow checking for
> realloc(). OpenBSD has provided the extension reallocarray(), which
> provides for bounds checking like calloc() does.
>
> Additionally, there are times when a compiler will optimize away calls
> to bzero() on areas that are not used before free(); this can result in
> passwords getting left in memory. OpenBSD uses a wrapper function called
> explicit_bzero() to keep this from happening, thugh it seems to be possible
> to use some ugliness with volatile to stop it.
>
> Should musl provide reallocarray()?

In my opinion, yes, we should.

btw. no bzero()/bcopy() but memset() and memcpy() etc.

Daniel

> And what's the best way to ensure that memory gets zeroed out?
>
> Thanks,
> Isaac Dunham

--001a1133d894a00e9004f9c2a6b2
Content-Type: text/plain; charset=US-ASCII; name="explicit_bzero.diff"
Content-Disposition: attachment; filename="explicit_bzero.diff"
Content-Transfer-Encoding: base64
X-Attachment-Id: f_hvdy0nxm0

ZGlmZiAtdXJOIG11c2wub3JpZy9pbmNsdWRlL3N0cmluZy5oIG11c2wvaW5jbHVkZS9zdHJpbmcu
aAotLS0gbXVzbC5vcmlnL2luY2x1ZGUvc3RyaW5nLmgJRnJpIE1heSAgOSAwOTo0OTozNiAyMDE0
CisrKyBtdXNsL2luY2x1ZGUvc3RyaW5nLmgJRnJpIE1heSAgOSAwOTo1NzoxMCAyMDE0CkBAIC04
Miw2ICs4Miw3IEBACiBjaGFyICpzdHJzZXAoY2hhciAqKiwgY29uc3QgY2hhciAqKTsKIHNpemVf
dCBzdHJsY2F0IChjaGFyICosIGNvbnN0IGNoYXIgKiwgc2l6ZV90KTsKIHNpemVfdCBzdHJsY3B5
IChjaGFyICosIGNvbnN0IGNoYXIgKiwgc2l6ZV90KTsKK3ZvaWQgZXhwbGljaXRfYnplcm8odm9p
ZCAqYiwgc2l6ZV90IGxlbik7CiAjZW5kaWYKIAogI2lmZGVmIF9HTlVfU09VUkNFCmRpZmYgLXVy
TiBtdXNsLm9yaWcvc3JjL3N0cmluZy9leHBsaWNpdF9iemVyby5jIG11c2wvc3JjL3N0cmluZy9l
eHBsaWNpdF9iemVyby5jCi0tLSBtdXNsLm9yaWcvc3JjL3N0cmluZy9leHBsaWNpdF9iemVyby5j
CVRodSBKYW4gIDEgMDA6MDA6MDAgMTk3MAorKysgbXVzbC9zcmMvc3RyaW5nL2V4cGxpY2l0X2J6
ZXJvLmMJRnJpIE1heSAgOSAwOTo1Nzo0NSAyMDE0CkBAIC0wLDAgKzEsOCBAQAorI2luY2x1ZGUg
PHN0cmluZy5oPgorCitzdGF0aWMgdm9pZCAqKCp2b2xhdGlsZSBleHBsaWNpdF9tZW1zZXQpKHZv
aWQgKiwgaW50LCBzaXplX3QpID0gbWVtc2V0OworCit2b2lkIGV4cGxpY2l0X2J6ZXJvKHZvaWQg
KmIsIHNpemVfdCBsZW4pCit7CisJKCpleHBsaWNpdF9tZW1zZXQpKGIsIDAsIGxlbik7Cit9Cg==
--001a1133d894a00e9004f9c2a6b2
Content-Type: text/plain; charset=US-ASCII; name="reallocarray.diff"
Content-Disposition: attachment; filename="reallocarray.diff"
Content-Transfer-Encoding: base64
X-Attachment-Id: f_hvdy0ugv1

ZGlmZiAtdXJOIG11c2wub3JpZy9pbmNsdWRlL3N0ZGxpYi5oIG11c2wvaW5jbHVkZS9zdGRsaWIu
aAotLS0gbXVzbC5vcmlnL2luY2x1ZGUvc3RkbGliLmgJVGh1IE1heSAgOCAwOTowNDowOCAyMDE0
CisrKyBtdXNsL2luY2x1ZGUvc3RkbGliLmgJVGh1IE1heSAgOCAwOToxMTowNiAyMDE0CkBAIC00
NCw2ICs0NCw5IEBACiB2b2lkICpyZWFsbG9jICh2b2lkICosIHNpemVfdCk7CiB2b2lkIGZyZWUg
KHZvaWQgKik7CiB2b2lkICphbGlnbmVkX2FsbG9jKHNpemVfdCBhbGlnbm1lbnQsIHNpemVfdCBz
aXplKTsKKyNpZmRlZiBfQlNEX1NPVVJDRQordm9pZCAqcmVhbGxvY2FycmF5KHZvaWQgKiwgc2l6
ZV90LCBzaXplX3QpOworI2VuZGlmCiAKIF9Ob3JldHVybiB2b2lkIGFib3J0ICh2b2lkKTsKIGlu
dCBhdGV4aXQgKHZvaWQgKCopICh2b2lkKSk7CmRpZmYgLXVyTiBtdXNsLm9yaWcvc3JjL3N0ZGxp
Yi9yZWFsbG9jYXJyYXkuYyBtdXNsL3NyYy9zdGRsaWIvcmVhbGxvY2FycmF5LmMKLS0tIG11c2wu
b3JpZy9zcmMvc3RkbGliL3JlYWxsb2NhcnJheS5jCVRodSBKYW4gIDEgMDA6MDA6MDAgMTk3MAor
KysgbXVzbC9zcmMvc3RkbGliL3JlYWxsb2NhcnJheS5jCVRodSBNYXkgIDggMDk6MDY6MzAgMjAx
NApAQCAtMCwwICsxLDE3IEBACisjaW5jbHVkZSA8c3RkbGliLmg+CisjaW5jbHVkZSA8bGltaXRz
Lmg+CisjaW5jbHVkZSA8ZXJybm8uaD4KKworLyogdGhpcyBpcyBzcXJ0KFNJWkVfTUFYKzEpLCBh
cyBzMSpzMiA8PSBTSVpFX01BWAorICogaWYgYm90aCBzMSA8IE1VTF9OT19PVkVSRkxPVyBhbmQg
czIgPCBNVUxfTk9fT1ZFUkZMT1cgKi8KKyNkZWZpbmUgTVVMX05PX09WRVJGTE9XCSgxVUwgPDwg
KHNpemVvZihzaXplX3QpICogNCkpCisKK3ZvaWQgKnJlYWxsb2NhcnJheSh2b2lkICpvcHRyLCBz
aXplX3Qgbm1lbWIsIHNpemVfdCBzaXplKQoreworCWlmICgobm1lbWIgPj0gTVVMX05PX09WRVJG
TE9XIHx8IHNpemUgPj0gTVVMX05PX09WRVJGTE9XKSAmJgorCSAgICBubWVtYiA+IDAgJiYgU1NJ
WkVfTUFYIC8gbm1lbWIgPCBzaXplKSB7CisJCWVycm5vID0gRU5PTUVNOworCQlyZXR1cm4gTlVM
TDsKKwl9CisJcmV0dXJuIHJlYWxsb2Mob3B0ciwgc2l6ZSAqIG5tZW1iKTsKK30K
--001a1133d894a00e9004f9c2a6b2--