lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 28 Feb 2019 16:57:06 -0700
From:   Shaobo He <shaobo@...utah.edu>
To:     Bart Van Assche <bvanassche@....org>, linux-rdma@...r.kernel.org
Cc:     Steve Wise <swise@...lsio.com>, Doug Ledford <dledford@...hat.com>,
        Jason Gunthorpe <jgg@...pe.ca>,
        open list <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] cxgb4: fix undefined behavior in mem.c

Good catch. But if we agree on that memory management functions are those 
specified by the C standard, would it be OK to ignore so-called use after free 
or double free bugs for the kernel as C standard does not apply to kfree?

On 2/28/19 4:33 PM, Bart Van Assche wrote:
> On Thu, 2019-02-28 at 16:18 -0700, Shaobo He wrote:
>> I can't afford a pdf version of the C standard. So I looked at the draft version
>> used in the link I put in the commit message. It says (in 6.2.4:2),
>>
>> ```
>> The lifetime of an object is the portion of program execution during which
>> storage is guaranteed to be reserved for it. An object exists, has a constant
>> address, and retains its last-stored value throughout its lifetime. If an object
>> is referred to outside of its lifetime, the behavior is undefined. The value of
>> a pointer becomes indeterminate when the object it points to (or just past)
>> reaches the end of its lifetime.
>> ```
>> I couldn't find the definition of lifetime over a dynamically allocated object
>> in the draft of C standard. I refer to this link
>> (https://en.cppreference.com/w/c/language/lifetime) which suggests that the
>> lifetime of an allocated object ends after the deallocation function is called
>> upon it.
>>
>> I think maybe the more problematic issue is that the value of a freed pointer is
>> intermediate.
> 
> In another section of the same draft I found the following:
> 
> J.2 Undefined behavior [ ... ] The value of a pointer that refers to space
> deallocated by a call to the free or realloc function is used (7.22.3).
> 
> Since the C standard explicitly refers to free() and realloc(), does that
> mean that that statement about undefined behavior does not apply to munmap()
> (for user space code) nor to kfree() (for kernel code)?
> 
> Bart.
> 

Powered by blists - more mailing lists