C11 Annex K support

Szabolcs Nagy Szabolcs.Nagy@arm.com
Wed Jan 16 16:48:00 GMT 2019


On 16/01/2019 16:33, Jeffrey Walton wrote:
> On Wed, Jan 16, 2019 at 11:06 AM Florian Weimer <fweimer@redhat.com> wrote:
>>
>> * Manfred:
>>
>>> To my surprise, it looks like glibc does not support C11 annex K
>>> routines, i.e. strcpy_s and friends.
>>>
>>> Am I missing something?
>>
>> We consider Annex K very problematic:
>>
>>   <http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1969.htm>
> 
> Lol... Strawman arguments...
> 
> libupnp multiple vulnerabilities
> (https://www.kb.cert.org/vuls/id/922681/) is a good case study in just
> how broken the existing stuff can be. Each of the vulnerabilities
> would have been mitigated with the new interfaces because the buffer
> overflow would have been stopped due to the destination buffer size.

there is wide agreement that annex k was a mistake
and the paper gives a good summary of the problems.

read the paper again.

annex k would not help avoid the particular
vulnerabilities you cite (since rewriting all that
code with annex k apis is error prone and bound to
leave bugs in there); however, in the paper you can
find better ways that actually help mitigate
buffer overflow risk in practice (with less effort).

> 
> There's a lot to be said about what happens in real life...
> 
> Jeff
> 
