| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20150930042822.GA8249@openwall.com>
Date: Wed, 30 Sep 2015 07:28:23 +0300
From: Solar Designer <solar@...nwall.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Specification of a modular crypt format (2)
On Wed, Sep 30, 2015 at 04:18:28AM +0000, Peter Gutmann wrote:
> Solar Designer <solar@...nwall.com> writes:
>
> >That's true, and your code works, but I gave strtoul() a try anyway.
>
> It has the same problem as atol(), it uses in-band signalling for errors
> (which means, at least for my purposes, that I consider it unusable).
It also has out-of-band if you don't mind resetting errno to zero before
calling strtoul(), like POSIX explicitly recommends:
http://pubs.opengroup.org/onlinepubs/009695399/functions/strtoul.html
"Since 0, {ULONG_MAX}, and {ULLONG_MAX} are returned on error and are
also valid returns on success, an application wishing to check for error
situations should set errno to 0, then call strtoul() or strtoull(),
then check errno."
The code I posted does just that.
> Thomas' version (and mine) don't.
Sure. My wrapper function around strtoul() doesn't, either. It has
the side-effect of clobbering errno even when there's no error, though;
but I could save and restore errno to avoid that if we care.
Anyway, it was just an experiment to see how bad strtoul() is, and the
answer is: pretty bad, yet repairable with a wrapper. This experiment
also happened to test Thomas' code.
Alexander
Powered by blists - more mailing lists