Message-ID: <018f8973-2ef6-fefe-0a0d-b6f090d35d10@linaro.org>
Date: Fri, 21 Jan 2022 14:31:34 -0300
Subject: Re: [PATCH v3 3/3] getcwd: Set errno to ERANGE for size == 1 (CVE-2021-3999)
To: Siddhesh Poyarekar, libc-alpha@sourceware.org
Cc: eggert@cs.ucla.edu, fweimer@redhat.com, Qualys Security Advisory
References: <20220119082147.3352868-1-siddhesh@sourceware.org> <20220120093252.1911498-1-siddhesh@sourceware.org> <20220120093252.1911498-4-siddhesh@sourceware.org>
From: Adhemerval Zanella

On 21/01/2022 14:26, Siddhesh Poyarekar wrote:
> On 21/01/2022 22:11, Adhemerval Zanella wrote:
>>
>>
>> On 20/01/2022 06:32, Siddhesh Poyarekar wrote:
>>> +  cmsg = CMSG_FIRSTHDR (&msg); >>> +  if (cmsg == NULL) >>> +    return -1; >>> +  if (cmsg->cmsg_type != SCM_RIGHTS) >>> +    return -1; >>> +  fd = *(const int *) CMSG_DATA (cmsg);
>>
>> Same as before, I think you will need to copy to a temporary using memcpy.
>
> Why not just:
>
>     memcpy (&fd, CMSG_DATA (cmsg), sizeof (fd));
>
> i.e., is a temporary necessary?

Not really, the above works just fine.
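
Review bot: in the quoted hunk, the only validation between `CMSG_FIRSTHDR (&msg)` and the read from `CMSG_DATA (cmsg)` is `cmsg->cmsg_type != SCM_RIGHTS`; neither `cmsg->cmsg_level` nor `cmsg->cmsg_len` is checked, so a control message of another level, or one shorter than `CMSG_LEN (sizeof (int))`, would still be read as a descriptor. Consider also returning -1 unless `cmsg->cmsg_level == SOL_SOCKET` and `cmsg->cmsg_len == CMSG_LEN (sizeof (int))`, together with the `memcpy (&fd, CMSG_DATA (cmsg), sizeof (fd))` form discussed above, which avoids relying on the alignment of the control buffer for the `int` load.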