Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sun, 27 Jan 2013 21:54:44 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: getting rid of alloca() and variable-sized arrays (was: krb5-23 or wow bug (or what?))

On Sun, Jan 27, 2013 at 06:43:10PM +0100, magnum wrote:
> For portability reasons, or some other reason as well?

Also for reliability and (maybe later) for security reasons.  (I said
"maybe later" because JtR -jumbo is insecure when faced with untrusted
input now, and it is unclear if we'll ever fix that, although it'd be
nice to do so.  We might instead document the risk - in fact, we should
do that for next -jumbo.)

alloca() may bring the stack pointer outside of the stack area, and into
some other area such as the heap.

> There are also some uses of variable-size arrays,

These are just as bad for security and reliability, and are even less
portable.

> which boils down to the same thing. These are harder to just grep out but I can easily list them trying to do OMP with Apple's gcc :)
> 
> How do we get rid of them? Using stack arrays of maximum size that will ever be needed?

We'll need to review and revise the code on a case by case basis.
When there's a clear maximum size and it's small enough, we can use
fixed-size arrays on the stack (and do proper bounds checking).
In other cases, we can allocate dynamic memory and MEM_FREE() it before
the function returns.

I suspect that there are also cases where the allocation can be avoided
altogether without complicating the code much (or even simplifying it).

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.