This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: Implement C11 annex K?
- From: Florian Weimer <fweimer at redhat dot com>
- To: libc-alpha at sourceware dot org
- Date: Thu, 14 Aug 2014 11:55:48 +0200
- Subject: Re: Implement C11 annex K?
On 08/14/2014 08:15 AM, Russ Allbery wrote:
> The second part is what I've often suspected is behind the resistance to
> strlcpy and strlcat. Folks making that argument are confident enough in
> their ability to write C code and length calculation that they don't feel
> the need for any further safety measure.
Here's a security bug which resulted from the incorrect use of strlcpy:
<http://www.samba.org/samba/security/CVE-2014-3560>
<https://git.samba.org/?p=samba.git;a=commitdiff;h=e6a848630d>
If glibc had provided a fortified version of strlcpy, Samba had used it,
and nmbd had been compiled with -O3, we would have been able to
rule out code execution completely (but the crash would have remained,
of course).
Instead, like many other projects, Samba rolls their own version of
strlcpy, which doesn't know about __builtin_object_size and other GNU
extensions.
--
Florian Weimer / Red Hat Product Security
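
The following is an added example, not part of the message above and not glibc or Samba code. It sketches how a fortified strlcpy wrapper can use __builtin_object_size to turn an overstated size argument into an abort instead of an out-of-bounds write. The names my_strlcpy, size_claim_ok, strlcpy_chk and fortified_strlcpy are hypothetical, and the input string is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Plain strlcpy semantics; my_strlcpy is a hypothetical project-local copy. */
static size_t my_strlcpy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size != 0) {
        size_t n = len < size - 1 ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;                      /* length of src, so truncation is visible */
}

/* 1 if the claimed size is acceptable. (size_t)-1 is what
 * __builtin_object_size returns when the compiler cannot tell. */
static int size_claim_ok(size_t objsize, size_t claimed)
{
    return objsize == (size_t)-1 || claimed <= objsize;
}

/* Hypothetical checked entry point: abort instead of writing past dst. */
static size_t strlcpy_chk(char *dst, const char *src, size_t size, size_t objsize)
{
    if (!size_claim_ok(objsize, size)) {
        fputs("strlcpy_chk: size exceeds destination object\n", stderr);
        abort();
    }
    return my_strlcpy(dst, src, size);
}

/* The macro captures the object size at the call site (GCC/Clang builtin). */
#define fortified_strlcpy(dst, src, size) \
    strlcpy_chk((dst), (src), (size), __builtin_object_size((dst), 1))

int main(void)
{
    char name[8];
    size_t want = fortified_strlcpy(name, "constructed-input", sizeof name);
    printf("copied \"%s\", source length %zu\n", name, want);
    /* A caller that miscounts (claims 16 for an 8-byte object) is rejected. */
    printf("claim of 16 for %zu-byte object ok? %d\n",
           sizeof name, size_claim_ok(sizeof name, 16));
    return 0;
}
```

The check only fires when the compiler can determine the destination's size at the call site, which for buffers passed through several functions depends on inlining and therefore on the optimization level.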