This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH] Unbound alloca in crypt routines
- From: Marek Polacek <polacek at redhat dot com>
- To: Jeff Law <law at redhat dot com>
- Cc: libc-alpha at sources dot redhat dot com
- Date: Thu, 29 Mar 2012 19:11:48 +0200
- Subject: Re: [PATCH] Unbound alloca in crypt routines
- References: <4F74940F.1010702@redhat.com>
On Thu, Mar 29, 2012 at 10:55:43AM -0600, Jeff Law wrote:
> * crypt/md5-crypt (__md5_crypt_r): Avoid unbounded alloca uses
^^
Missing ".c".
> due to long keys.
^^
Redundant space.
> @@ -120,7 +121,22 @@ __md5_crypt_r (key, salt, buffer, buflen
>
> if ((key - (char *) 0) % __alignof__ (md5_uint32) != 0)
> {
> - char *tmp = (char *) alloca (key_len + __alignof__ (md5_uint32));
> + char *tmp;
> +
> + /* An attacker could use a very long key to clobber another
> + thread's stack or heap areas. Punt to malloc if the key is
> + long. Alloca should abolished. */
Missing word in last sentence?
> + if (__libc_use_alloca (key_len + __alignof__ (md5_uint32)))
> + {
> + tmp = (char *) alloca (key_len + __alignof__ (md5_uint32));
> + }
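Review bot: in the added lines of __md5_crypt_r the size key_len + __alignof__ (md5_uint32) is written out twice, once in the __libc_use_alloca test and once in the alloca call, so the bound that is checked and the size that is allocated can drift apart in a later edit. Compute it once into a local size_t and use that local in both places. The new comment promises a malloc fallback for long keys, but the quoted lines stop before that branch: it needs a NULL check on the malloc result and a matching free on every return path of the function.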
Those { } aren't really necessary here (and in further code).
Marek