From: Wilco Dijkstra
To: Florian Weimer, Adhemerval Zanella, Szabolcs Nagy
CC: 'GNU C Library'
Subject: Re: [PATCH v2] string: Fix OOB read on generic strncmp
Date: Fri, 24 Feb 2023 12:24:20 +0000

Hi,

> It's common to use strncmp as a starts-with predicate, like this:
>
>   strncmp (s, "prefix", 5)
>
> This requires that reading stops at the first null byte.  C11 wording
> makes this kind of usage inadvisable because it treats the inputs as
> arrays, and this means that implementations could read past
> the null byte.  But that doesn't match current programming practice.

C11 says you can't read past the end of the array, but it doesn't say that
you *must* read past a NUL-byte. My interpretation is that this is a valid
strncmp implementation:

  #include <string.h>

  int
  simple_strncmp (const char *s1, const char *s2, size_t size)
  {
    /* strnlen stops at the first NUL or after SIZE bytes.  */
    size_t len1 = strnlen (s1, size);
    size_t len2 = strnlen (s2, size);
    /* Compare up to and including the NUL of the shorter string.  */
    if (len1 < len2)
      len1++;
    else if (len1 > len2)
      len1 = len2 + 1;
    return memcmp (s1, s2, len1);
  }

I.e. both strings must be valid up until the given size or NUL-terminated if
smaller. This works on the example above even if the first string is only 1 byte.

> The strnlen function has the same problem if you want to use it to limit
> readahead, e.g. in sscanf to fix bug 17577.  (POSIX also speaks of an
> array argument.)  In stdio-common/Xprintf_buffer_puts_1.c, we already
> use it to avoid a similar performance glitch.  It's not the first such
> use, there is already a similar call (with similar rationale) in
> string/strcasestr.c, and for wcsnlen in
> stdio-common/vfprintf-process-arg.c.
>
> I think we should support all these as extensions.  The alternative
> would be to add new functions that stop reading after the first null
> byte (particularly for the strnlen optimization).

Existing functions already do stop after the first NUL byte. Even if the C
standard doesn't explicitly disallow it, it doesn't seem valid to read beyond
it (a lot of code could fail if we did).

Cheers,
Wilco
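
The property discussed in this message can be checked with a guard page. The following is an added example, not code from the thread or from glibc: it places the first string so that its NUL is the last readable byte before a PROT_NONE page, so any read past the terminator faults. The helper names place_before_guard and guarded_compare are hypothetical, and POSIX mmap/mprotect are assumed.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE   /* MAP_ANONYMOUS, strnlen */
#endif
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* The comparison from the message above, repeated so this file stands alone.  */
static int simple_strncmp (const char *s1, const char *s2, size_t size)
{
  size_t len1 = strnlen (s1, size);
  size_t len2 = strnlen (s2, size);
  if (len1 < len2)
    len1++;
  else if (len1 > len2)
    len1 = len2 + 1;
  return memcmp (s1, s2, len1);
}

/* Copy STR so its NUL is the last readable byte before a PROT_NONE page.
   Any read past the terminator then faults.  Returns NULL on failure.  */
static char *place_before_guard (const char *str)
{
  size_t page = (size_t) sysconf (_SC_PAGESIZE);
  size_t len = strlen (str) + 1;
  if (len > page)
    return NULL;
  char *base = mmap (NULL, 2 * page, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
  if (base == MAP_FAILED || mprotect (base + page, page, PROT_NONE) != 0)
    return NULL;
  return memcpy (base + page - len, str, len);
}

/* Sign (-1, 0, 1) of simple_strncmp with S guarded; -2 if setup failed.  */
int guarded_compare (const char *s, const char *prefix, size_t n)
{
  char *g = place_before_guard (s);
  if (g == NULL)
    return -2;
  int r = simple_strncmp (g, prefix, n);
  return (r > 0) - (r < 0);
}

int main (void)
{
  /* Constructed case from the thread: a 1-byte first string, size 5.  */
  return guarded_compare ("", "prefix", 5) == -1 ? 0 : 1;
}
```

A comparison routine that keeps reading after the first NUL would crash with SIGSEGV in this harness instead of returning a result.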