Date: Mon, 5 Oct 2015 15:15:24 +0200
From: Ingo Molnar <mingo@...nel.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Chris Metcalf <cmetcalf@...hip.com>, open list <linux-kernel@...r.kernel.org>, Peter Zijlstra <a.p.zijlstra@...llo.nl>, Thomas Gleixner <tglx@...utronix.de>, "H. Peter Anvin" <hpa@...or.com>, Borislav Petkov <bp@...en8.de>
Subject: Re: [PATCH] string: Improve the generic strlcpy() implementation

* Ingo Molnar <mingo@...nel.org> wrote:

> * Ingo Molnar <mingo@...nel.org> wrote:
>
> > 2)
> >
> > Another problem is that strlcpy() will also happily do bad stuff if we pass
> > it a negative size. Instead of that we will from now on print a (one time)
> > warning and return safely.
>
> Hm, so this check is buggy, as 'size_t' is unsigned - and for some reason GCC
> didn't warn about the never-met comparison and the resulting unreachable dead
> code here:
>
> > +	/* Overflow check: */
> > +	if (unlikely(dest_size < 0)) {
> > +		WARN_ONCE(1, "strlcpy(): dest_size < 0 underflow!");
> > +		return strlen(src);
> > +	}
>
> which is annoying.
>
> Would people object to something like:
>
> > +	/* Overflow check: */
> > +	if (unlikely((ssize_t)dest_size < 0)) {
> > +		WARN_ONCE(1, "strlcpy(): dest_size < 0 underflow!");
> > +		return strlen(src);
> > +	}
>
> ?
>
> As I doubt it's legit to have larger than 2GB strings.
>
> Also, I'm wondering why GCC didn't warn.

Hm, so GCC (v4.9.2) will only warn about this bug if -Wtype-limits is enabled
explicitly:

  lib/string.c: In function ‘strlcpy’:
  lib/string.c:228:32: warning: comparison of unsigned expression < 0 is always false [-Wtype-limits]
    if (unlikely((size_t)dst_size < 0)) {
                                  ^

... which we don't do in the kernel.

Has anyone considered enabling -Wtype-limits? It seems to catch real bugs.

I can see there are patches that enable -Wextra (which enables -Wtype-limits and
many other warnings), but it would be more manageable to just enable one such
warning at a time.
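Review bot: the quoted guard's comment says `/* Overflow check: */` while its WARN_ONCE message says `underflow`; since `(ssize_t)dest_size < 0` fires when a size computation has wrapped around below zero, the comment should say underflow too. Also note that the GCC diagnostic quoted in the reply is for `(size_t)dst_size < 0`, not for the proposed `(ssize_t)dest_size < 0`: the size_t cast keeps the expression unsigned, which is exactly why -Wtype-limits reports it as always false, whereas the ssize_t variant is a genuine signed comparison and would not be flagged.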
Thanks,

	Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/
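The point of the thread, as a stand-alone userspace example added here (it is not the kernel's lib/string.c and not Ingo's patch): an unsigned `size_t < 0` test is dead code, while casting to `ssize_t` turns a wrapped-around size into a negative number the guard can catch. It assumes `ssize_t` from `<sys/types.h>` has the same width as `size_t` (true on Linux), relies on GCC's defined modular conversion of out-of-range values to signed types, and replaces `WARN_ONCE()` with a hypothetical `WARN_ONCE_STANDIN()` that prints once to stderr. The `underflow_is_caught()` scenario is constructed: bookkeeping that claims more bytes are used than the buffer holds, so `sizeof(buf) - used` wraps.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>   /* ssize_t (POSIX); the kernel has its own typedef */

/* Hypothetical stand-in for the kernel's WARN_ONCE(): report once, keep going. */
#define WARN_ONCE_STANDIN(msg)                          \
    do {                                                \
        static int warned;                              \
        if (!warned) {                                  \
            warned = 1;                                 \
            fprintf(stderr, "warning: %s\n", msg);      \
        }                                               \
    } while (0)

/* The check as first written: size_t is unsigned, so this is always false
 * (GCC only says so with -Wtype-limits, which -Wall does not enable). */
int size_is_negative_unsigned(size_t n)
{
    return n < 0;
}

/* The check with the proposed cast: true once n exceeds SSIZE_MAX, which is
 * what an underflowed size computation looks like (GCC-defined wraparound). */
int size_is_negative_signed(size_t n)
{
    return (ssize_t)n < 0;
}

/*
 * strlcpy() with the guard from the thread.  Copies at most dest_size - 1
 * bytes, NUL-terminates whenever dest_size > 0, and returns strlen(src) so the
 * caller can detect truncation.  A "negative" dest_size trips the warning and
 * nothing is written to dest.
 */
size_t guarded_strlcpy(char *dest, const char *src, size_t dest_size)
{
    size_t ret = strlen(src);

    /* Underflow check: a size that looks negative cannot be a real buffer length. */
    if (size_is_negative_signed(dest_size)) {
        WARN_ONCE_STANDIN("strlcpy(): dest_size < 0 underflow!");
        return ret;
    }
    if (dest_size) {
        size_t len = (ret >= dest_size) ? dest_size - 1 : ret;
        memcpy(dest, src, len);
        dest[len] = '\0';
    }
    return ret;
}

/* Constructed scenario: 'used' claims more than the buffer holds, so the
 * remaining-space computation wraps to a huge value.  Returns 1 if the guard
 * refused the copy and left the buffer untouched. */
int underflow_is_caught(void)
{
    char buf[8] = "KEEP";
    size_t used = 12;                       /* bogus bookkeeping */
    size_t remaining = sizeof(buf) - used;  /* wraps to SIZE_MAX - 3 */
    size_t ret = guarded_strlcpy(buf, "overrun", remaining);

    return ret == 7 && strcmp(buf, "KEEP") == 0;
}

/* Normal path: a too-long source is truncated and the full length reported. */
int truncation_is_reported(void)
{
    char buf[8];
    size_t ret = guarded_strlcpy(buf, "hello world", sizeof(buf));

    return ret == 11 && strcmp(buf, "hello w") == 0;
}

int main(void)
{
    printf("unsigned check on (size_t)-1: %d\n", size_is_negative_unsigned((size_t)-1));
    printf("signed check on (size_t)-1:   %d\n", size_is_negative_signed((size_t)-1));
    printf("underflow caught: %d, truncation reported: %d\n",
           underflow_is_caught(), truncation_is_reported());
    return 0;
}
```

Compiling the block with `gcc -Wall` is silent; adding `-Wextra` (or just `-Wtype-limits`) produces the same "comparison of unsigned expression < 0 is always false" diagnostic on `size_is_negative_unsigned()` that the mail quotes, and nothing on the `ssize_t` version.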