Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 27 Apr 2016 21:39:28 +0300 (MSK)
From: Alexander Monakov <>
Subject: Re: Removing stupid, spurious UB in stdio (bikeshed time)

On Wed, 27 Apr 2016, Rich Felker wrote:
> > > I think a good place to start might be coming up with and documenting a
> > > clear model for how stdio's buffer internals are supposed to work, what
> > > operations are allowed, what invariants hold, etc. based on the above
> > > analysis of current UB issues and what the code is doing.
> > 
> > would be nice to have; you recently noted that setvbuf has restrictions,
> > and if there are other non-obvious stuff (especially if musl-specific),
> > having it written down should be useful.
> Are you talking about the C-standard-imposed restriction that you can
> only use setvbuf as the first operation on a new FILE? Or something
> else I said that I'm not remembering?

I had in mind your "Non-stub setvbuf" post; "restrictions" was a poor choice
of wording on my part, I guess:

[ quoting from ]

> Right now, musl's stdio setvbuf function does nothing but set the
> buffering mode; it does not honor the buffer provided by the caller.
> This is perfectly conforming (whether or how the buffer is used is
> unspecified), but I realized from the recent thread about OpenSSH's
> CVE-2016-0777 on oss-security that a non-stub setvbuf admits a nice
> type of hardening:
> In short, the application has no way to scrub implementation-internal
> stdio buffers that might contain sensitive data read from or written
> to files, but it can scrub buffers it provides via setvbuf. So, I'd
> like to start actually using the latter, so that apps that attempt
> this hardening measure can benefit from it on musl like they would on
> other implementations.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.