lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <68C4DE68-D996-43FA-BC16-06F13557E494@kloenk.dev>
Date: Thu, 04 Jul 2024 16:47:37 +0200
From: Finn Behrens <me@...enk.dev>
To: Miguel Ojeda <ojeda@...nel.org>
Cc: Wedson Almeida Filho <wedsonaf@...il.com>,
 Alex Gaynor <alex.gaynor@...il.com>, Boqun Feng <boqun.feng@...il.com>,
 Gary Guo <gary@...yguo.net>,
 Björn Roy Baron <bjorn3_gh@...tonmail.com>,
 Benno Lossin <benno.lossin@...ton.me>,
 Andreas Hindborg <a.hindborg@...sung.com>, Alice Ryhl <aliceryhl@...gle.com>,
 rust-for-linux@...r.kernel.org, linux-kernel@...r.kernel.org,
 patches@...ts.linux.dev
Subject: Re: [PATCH 07/13] rust: warn about `bindgen` versions 0.66.0 and
 0.66.1



On 1 Jul 2024, at 20:36, Miguel Ojeda wrote:

> `bindgen` versions 0.66.0 and 0.66.1 panic due to C string literals with
> NUL characters [1]:
>
>     panicked at .cargo/registry/src/index.crates.io-6f17d22bba15001f/bindgen-0.66.0/codegen/mod.rs:717:71:
>     called `Result::unwrap()` on an `Err` value: FromBytesWithNulError { kind: InteriorNul(4) }
>
> Thus, in preparation for supporting several `bindgen` versions, add a
> version check to warn the user about it.
>
> We could make it an error, but 1) it is going to fail anyway later in the
> build, 2) we would disable `RUST` automatically, which is also painful,
> 3) someone could be using a patched `bindgen` at that version, 4) the
> interior NUL may go away in the headers (however unlikely). Thus just
> warn about it so that users know why it is failing.
>
> In addition, add a test for the new case.
>
> Link: https://github.com/rust-lang/rust-bindgen/pull/2567 [1]
> Signed-off-by: Miguel Ojeda <ojeda@...nel.org>

Reviewed-by: Finn Behrens <me@...enk.dev>

> ---
>  scripts/rust_is_available.sh      | 8 ++++++++
>  scripts/rust_is_available_test.py | 7 +++++++
>  2 files changed, 15 insertions(+)
>
> diff --git a/scripts/rust_is_available.sh b/scripts/rust_is_available.sh
> index 67cb900124cc..33bbd01ffe51 100755
> --- a/scripts/rust_is_available.sh
> +++ b/scripts/rust_is_available.sh
> @@ -165,6 +165,14 @@ if [ "$rust_bindings_generator_cversion" -gt "$rust_bindings_generator_min_cvers
>  	echo >&2 "***"
>  	warning=1
>  fi
> +if [ "$rust_bindings_generator_cversion" -eq 6600 ] || [ "$rust_bindings_generator_cversion" -eq 6601 ]; then
> +	echo >&2 "***"
> +	echo >&2 "*** Rust bindings generator '$BINDGEN' versions 0.66.0 and 0.66.1 may not"
> +	echo >&2 "*** work due to a bug (https://github.com/rust-lang/rust-bindgen/pull/2567)."
> +	echo >&2 "***   Your version:     $rust_bindings_generator_version"
> +	echo >&2 "***"
> +	warning=1
> +fi
>
>  # Check that the `libclang` used by the Rust bindings generator is suitable.
>  #
> diff --git a/scripts/rust_is_available_test.py b/scripts/rust_is_available_test.py
> index a255f79aafc2..2b887098c19d 100755
> --- a/scripts/rust_is_available_test.py
> +++ b/scripts/rust_is_available_test.py
> @@ -226,6 +226,13 @@ else:
>          result = self.run_script(self.Expected.SUCCESS_WITH_WARNINGS, { "BINDGEN": bindgen })
>          self.assertIn(f"Rust bindings generator '{bindgen}' is too new. This may or may not work.", result.stderr)
>
> +    def test_bindgen_bad_version_0_66_0_and_0_66_1(self):
> +        for version in ("0.66.0", "0.66.1"):
> +            with self.subTest(version=version):
> +                bindgen = self.generate_bindgen_version(f"bindgen {version}")
> +                result = self.run_script(self.Expected.SUCCESS_WITH_WARNINGS, { "BINDGEN": bindgen })
> +                self.assertIn(f"Rust bindings generator '{bindgen}' versions 0.66.0 and 0.66.1 may not", result.stderr)
> +
>      def test_bindgen_libclang_failure(self):
>          for env in (
>              { "LLVM_CONFIG_PATH": self.missing },
> -- 
> 2.45.2

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ