Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20120330184333.GA31260@openwall.com>
Date: Fri, 30 Mar 2012 22:43:33 +0400
From: Solar Designer <solar@...nwall.com>
To: Jeff Law <law@...hat.com>
Cc: oss-security@...ts.openwall.com
Subject: Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca()

On Fri, Mar 30, 2012 at 12:27:31PM -0600, Jeff Law wrote:
> I think the right way to handle the return value is to return NULL for 
> these cases.  It's posix complaint and the glibc crypt routines already 
> return NULL for exceptional conditions.

Do you realize that plenty of services that use crypt() - likely the
majority of them, even - don't handle NULL returns, so they will
segfault when these conditions are triggered?  (That's assuming there
is no way for an attacker to get something mmap()'ed at NULL in the
service.)  I think the NULL returns got into POSIX starting with 2001;
if so, anything written earlier than that legitimately does not handle
NULL returns (and indeed a lot of newer code also does not).

I have to admit that DragonFly BSD also recently went with NULL returns,
and I failed to convince them to do otherwise.

NetBSD went with my suggestion of "*0" / "*1", though.

Alexander

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.