Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 15 Dec 2012 12:34:34 +0100
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: Use of strnlen()

On 15 Dec, 2012, at 2:21 , Solar Designer <solar@...nwall.com> wrote:
> On Sat, Dec 15, 2012 at 01:51:07AM +0100, magnum wrote:
>> I tried "#define _XOPEN_SOURCE 700" right before including string.h but it made no difference.
> 
> Feature macros need to be defined before the very first #include
> directive, not before the "relevant" one.  Chances are that it was too
> late to change them at the point where you put the #define.

Ah, yes.

>> And this seem to be a late extension... is there any way I could conditionally use strnlen and fallback to strlen?
> 
> I'd rather avoid using strnlen() in all cases.  Chances are that for the
> very low lengths that we're dealing with a custom loop is faster anyway.

I will experiment with this.

> Additionally, our own code may safely read beyond the NUL byte (if we
> know that our buffer is large enough and we only need to check if the
> length is sufficient, not find out the exact length) - this is something
> we may make use of (e.g., check two chars per loop iteration, without
> bothering about possibly crossing page boundary like libc would have to).
> 
> In fact, the length could be checked in rules_apply(), where it's
> readily known.  Passing an extra argument to that function would have
> performance impact when there's no minimum length specified, though.

This strnlen() thing was about dummy_rules_apply() in wordlist.c. I will rework this, in many cases we actually do know (or can calculate) the length.

magnum

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ