[Bug libc/18091] New: host.conf.5: spoof deprecated ?

[Bug libc/18091] New: host.conf.5: spoof deprecated ?

[saulery at free dot fr]

https://sourceware.org/bugzilla/show_bug.cgi?id=18091

            Bug ID: 18091
           Summary: host.conf.5: spoof deprecated ?
           Product: glibc
           Version: unspecified
               URL: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=7734
                    43
            Status: NEW
          Severity: minor
          Priority: P2
         Component: libc
          Assignee: unassigned at sourceware dot org
          Reporter: saulery at free dot fr
                CC: drepper.fsp at gmail dot com, mtk.manpages at gmail dot com,
                    saulery at free dot fr

Hello,

A Debian user reported that [1]:

> spoof* keywords (nospoof, spoofalert, spoof) are here from 1996,
> they are still valid keywords but do not have any effect apparently,
> no libraries or tools use them
> 
> it is misleading to see references to resolv+ and rlogin, the keywords
> are just ignored these days; the only meaning they have is that they are
> allowed by host.conf syntax

The glibc source code seems to confirm that the keywords nospoof, spoofalert
and spoof are accepted but without effects. I could find nothing in the
changelog. Could you please confirm that they are obsolete? I could correct the
man page accordingly.

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773443

Regards,

--
Stéphane Aulery

-- 
You are receiving this mail because:
You are on the CC list for the bug.
>From glibc-bugs-return-27771-listarch-glibc-bugs=sources.redhat.com@sourceware.org Sun Mar 08 14:16:53 2015
Return-Path: <glibc-bugs-return-27771-listarch-glibc-bugs=sources.redhat.com@sourceware.org>
Delivered-To: listarch-glibc-bugs@sources.redhat.com
Received: (qmail 36431 invoked by alias); 8 Mar 2015 14:16:53 -0000
Mailing-List: contact glibc-bugs-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <glibc-bugs.sourceware.org>
List-Subscribe: <mailto:glibc-bugs-subscribe@sourceware.org>
List-Post: <mailto:glibc-bugs@sourceware.org>
List-Help: <mailto:glibc-bugs-help@sourceware.org>, <http://sourceware.org/lists.html#faqs>
Sender: glibc-bugs-owner@sourceware.org
Delivered-To: mailing list glibc-bugs@sourceware.org
Received: (qmail 36353 invoked by uid 48); 8 Mar 2015 14:16:49 -0000
From: "selinger at mathstat dot dal.ca" <sourceware-bugzilla@sourceware.org>
To: glibc-bugs@sourceware.org
Subject: [Bug malloc/18092] New: calloc documentation omission
Date: Sun, 08 Mar 2015 14:16:00 -0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: glibc
X-Bugzilla-Component: malloc
X-Bugzilla-Version: unspecified
X-Bugzilla-Keywords:
X-Bugzilla-Severity: normal
X-Bugzilla-Who: selinger at mathstat dot dal.ca
X-Bugzilla-Status: NEW
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: unassigned at sourceware dot org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags:
X-Bugzilla-Changed-Fields: bug_id short_desc product version bug_status bug_severity priority component assigned_to reporter
Message-ID: <bug-18092-131@http.sourceware.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: http://sourceware.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-SW-Source: 2015-03/txt/msg00064.txt.bz2
Content-length: 1959

https://sourceware.org/bugzilla/show_bug.cgi?id\x18092

            Bug ID: 18092
           Summary: calloc documentation omission
           Product: glibc
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: malloc
          Assignee: unassigned at sourceware dot org
          Reporter: selinger at mathstat dot dal.ca

The documentation for calloc():

http://www.gnu.org/software/libc/manual/html_node/Allocating-Cleared-Space.html

states that one could define calloc() as follows:

void *
calloc (size_t count, size_t eltsize)
{
  size_t size = count * eltsize;
  void *value = malloc (size);
  if (value != 0)
    memset (value, 0, size);
  return value;
}

It then all but encourages developers who provide their own malloc() to define
calloc() that way.

This, however, ignores a very significant functionality of calloc(), namely to
guard against overflow errors. Suppose, for example, that size_t is 64 bits
long. Then, for example, calloc(274177, 67280421310721) will return NULL with
an "out of memory" error, whereas malloc(274177 * 67280421310721) will happily
allocate a single byte. The latter can give rise to serious buffer overflow
type vulnerabilities. So one should never implement calloc(c, e) as malloc(c *
e) without checking for overflows.

I suggest to amend the documentation to at least point this out. I.e., change
to:

Ignoring error checking, you could in principle define calloc as follows:

.....


However, note that this implementation is not quite sufficient in practice,
because calloc must also check for overflows in the multiplication count *
eltsize.

Also note that, in general, it is not guaranteed that calloc calls malloc
internally. Therefore, if an application provides its own malloc/realloc/free
outside the C library, it should always define calloc, too.

--
You are receiving this mail because:
You are on the CC list for the bug.

[Bug libc/18091] host.conf.5: spoof deprecated ?

[saulery at free dot fr]

https://sourceware.org/bugzilla/show_bug.cgi?id=18091

--- Comment #1 from Stéphane Aulery <saulery at free dot fr> ---
Hello,

I dug a little further the source code comparing versions 2.0.6 [1], 2.0.7 [2]
and trunk [3] of glibc and I come to a different conclusion.

The keywords nospoof, spoofalert, spoof and RESOLV_SPOOF_CHECK were
added to glibc 2.0.7 but never implemented and documented in the
changelog.

[1] http://ftp.gnu.org/gnu/glibc/glibc-2.0.6.tar.gz
[2]
http://archive.debian.org/debian/dists/hamm/main/source/libs/glibc_2.0.7t.orig.tar.gz
[3]
https://sourceware.org/git/?p=glibc.git&a=search&h=HEAD&st=grep&s=spoof&sr=1

Regards,

-- 
You are receiving this mail because:
You are on the CC list for the bug.
>From glibc-bugs-return-27848-listarch-glibc-bugs=sources.redhat.com@sourceware.org Fri Mar 13 14:12:39 2015
Return-Path: <glibc-bugs-return-27848-listarch-glibc-bugs=sources.redhat.com@sourceware.org>
Delivered-To: listarch-glibc-bugs@sources.redhat.com
Received: (qmail 27452 invoked by alias); 13 Mar 2015 14:12:39 -0000
Mailing-List: contact glibc-bugs-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <glibc-bugs.sourceware.org>
List-Subscribe: <mailto:glibc-bugs-subscribe@sourceware.org>
List-Post: <mailto:glibc-bugs@sourceware.org>
List-Help: <mailto:glibc-bugs-help@sourceware.org>, <http://sourceware.org/lists.html#faqs>
Sender: glibc-bugs-owner@sourceware.org
Delivered-To: mailing list glibc-bugs@sourceware.org
Received: (qmail 27393 invoked by uid 48); 13 Mar 2015 14:12:35 -0000
From: "carlos at redhat dot com" <sourceware-bugzilla@sourceware.org>
To: glibc-bugs@sourceware.org
Subject: [Bug network/18117] add uint64_t accessors to in6_addr union
Date: Fri, 13 Mar 2015 14:12:00 -0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: glibc
X-Bugzilla-Component: network
X-Bugzilla-Version: 2.21
X-Bugzilla-Keywords:
X-Bugzilla-Severity: normal
X-Bugzilla-Who: carlos at redhat dot com
X-Bugzilla-Status: NEW
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: unassigned at sourceware dot org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags:
X-Bugzilla-Changed-Fields: cc
Message-ID: <bug-18117-131-TDb6tzyhRZ@http.sourceware.org/bugzilla/>
In-Reply-To: <bug-18117-131@http.sourceware.org/bugzilla/>
References: <bug-18117-131@http.sourceware.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: http://sourceware.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-SW-Source: 2015-03/txt/msg00141.txt.bz2
Content-length: 793

https://sourceware.org/bugzilla/show_bug.cgi?id\x18117

Carlos O'Donell <carlos at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |carlos at redhat dot com

--- Comment #1 from Carlos O'Donell <carlos at redhat dot com> ---
(In reply to Shawn Landden from comment #0)
> Created attachment 8186 [details]
> patch
>
> 64-bit architectures are common so this makes sense to have.
> 64-bit arches were not so common 1997-02-16.
>
> (see patch)

Please post to libc-alpha for review.

Please review:
https://sourceware.org/glibc/wiki/Contribution%20checklist

--
You are receiving this mail because:
You are on the CC list for the bug.

[Bug network/18091] host.conf.5: spoof deprecated ?

[jsm28 at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=18091

Joseph Myers <jsm28 at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|libc                        |network

-- 
You are receiving this mail because:
You are on the CC list for the bug.