From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=Yfo0=6U=arm.com=Szabolcs.Nagy@sourceware.org>
Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-he1eur01on2042.outbound.protection.outlook.com [40.107.13.42])
	by sourceware.org (Postfix) with ESMTPS id B094C385840F
	for <libc-alpha@sourceware.org>; Fri, 24 Feb 2023 10:19:49 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org B094C385840F
Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;
 s=selector2-armh-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=cjyapW6wK+ld0PhKgntNRRWkhHW4BydciFgKTSrSVTs=;
 b=CturqLDljLGnrI2h/t5aM+conNzXy2cvw85eH4xbAdJKiqYoSbkMiGgQTRMLhORD3Q9kWFWdtaqd8st26LOGAhVtkxNYNLzHBPW/4u3RUJCUWzpbeudBfq6eFsT211YoMfKuqjo/pFCYGpMPy4qhSaHrXeKjEFiwp+28AcifONY=
Received: from DB6PR1001CA0017.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:4:b7::27)
 by DB9PR08MB9489.eurprd08.prod.outlook.com (2603:10a6:10:458::6) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6134.24; Fri, 24 Feb
 2023 10:19:44 +0000
Received: from DBAEUR03FT043.eop-EUR03.prod.protection.outlook.com
 (2603:10a6:4:b7:cafe::bc) by DB6PR1001CA0017.outlook.office365.com
 (2603:10a6:4:b7::27) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6134.21 via Frontend
 Transport; Fri, 24 Feb 2023 10:19:44 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123)
 smtp.mailfrom=arm.com; dkim=pass (signature was verified)
 header.d=armh.onmicrosoft.com;dmarc=pass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates
 63.35.35.123 as permitted sender) receiver=protection.outlook.com;
 client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
 pr=C
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by
 DBAEUR03FT043.mail.protection.outlook.com (100.127.143.24) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.6134.24 via Frontend Transport; Fri, 24 Feb 2023 10:19:44 +0000
Received: ("Tessian outbound 43b0faad5a68:v132"); Fri, 24 Feb 2023 10:19:44 +0000
X-CheckRecipientChecked: true
X-CR-MTA-CID: d02aa4bc267f2a32
X-CR-MTA-TID: 64aa7808
Received: from 4fbdd771eb1a.1
	by 64aa7808-outbound-1.mta.getcheckrecipient.com id A2A7172D-6370-4B70-99C0-304B94D7EC7B.1;
	Fri, 24 Feb 2023 10:19:37 +0000
Received: from EUR01-VE1-obe.outbound.protection.outlook.com
    by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 4fbdd771eb1a.1
    (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384);
    Fri, 24 Feb 2023 10:19:37 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=Xs9qF6ApRT8VZCn0TAz6NRypluZ6avsrtBbHcwbiWNys+qBlAIL8JLrpPJK7cFUB9EXgxpALD9BZNlia9SVHswCZeVj5PVogYTHBodK41FhY6bcpnlHE6SEJuOaFl0y2xNdPQyNJpW7tlDSqCfCP7KF45rzLuL1nzsEm3N6v7GiWSfpq3jgZkVL3oWL2A1WssCMDncN7oru/tXBvRYT+1YC5fl4eYTKFLukpC4lsWUeV61lOU1PauL9Duz5Tfh++oKDwWNe2tRWmDtExcyXmD4HDxdQAke6YtIint+pXphKbqrkmwt/sJEj+uJ3Bd9owpVJ0eLHLnbDWndfe0y9cyQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=cjyapW6wK+ld0PhKgntNRRWkhHW4BydciFgKTSrSVTs=;
 b=dXpb55bB5hz/2jNVlafk2kVjxKW9zDDSWwjthgd0u+2rQf1Rn42zR1ghltH/4n2AxUC0cyeob7rhRUz/hTkHZig4iu5N2ZeCwa+t75aPTA0hl37K0akHvgVwUS0mRz94i/EKw1CfmTNSeX1ERoy+tVxUGDuTuNPORiw+BmybPBB+CeXGfgSIAJvwBGAHzeJcGbwHCbFVYULFSgD4QVNVwDxsUCwiG4vPeNMVUNhIFeq94B0KnoQkkJtydurP0Em5Jwj8Jt8K99I4vFAt1N1teORIIgZdZJN6EEHMrQX5jwJQKOlCDeYj6pADZmDGo3XD67qLVCF2AI0JBV3Chuxaaw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass
 header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;
 s=selector2-armh-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=cjyapW6wK+ld0PhKgntNRRWkhHW4BydciFgKTSrSVTs=;
 b=CturqLDljLGnrI2h/t5aM+conNzXy2cvw85eH4xbAdJKiqYoSbkMiGgQTRMLhORD3Q9kWFWdtaqd8st26LOGAhVtkxNYNLzHBPW/4u3RUJCUWzpbeudBfq6eFsT211YoMfKuqjo/pFCYGpMPy4qhSaHrXeKjEFiwp+28AcifONY=
Authentication-Results-Original: dkim=none (message not signed)
 header.d=none;dmarc=none action=none header.from=arm.com;
Received: from DB9PR08MB7179.eurprd08.prod.outlook.com (2603:10a6:10:2cc::19)
 by AM8PR08MB5809.eurprd08.prod.outlook.com (2603:10a6:20b:1db::17) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6134.24; Fri, 24 Feb
 2023 10:19:35 +0000
Received: from DB9PR08MB7179.eurprd08.prod.outlook.com
 ([fe80::e3d1:5a4:db0c:43cc]) by DB9PR08MB7179.eurprd08.prod.outlook.com
 ([fe80::e3d1:5a4:db0c:43cc%7]) with mapi id 15.20.6134.024; Fri, 24 Feb 2023
 10:19:35 +0000
Date: Fri, 24 Feb 2023 10:19:15 +0000
From: Szabolcs Nagy <szabolcs.nagy@arm.com>
To: Adhemerval Zanella Netto <adhemerval.zanella@linaro.org>
Cc: Florian Weimer <fweimer@redhat.com>, "H.J. Lu" <hjl.tools@gmail.com>,
	Noah Goldstein <goldstein.w.n@gmail.com>, libc-alpha@sourceware.org
Subject: Re: [PATCH v2] string: Fix OOB read on generic strncmp
Message-ID: <Y/iPI784YA0wMt3t@arm.com>
References: <20230222163159.3446687-1-adhemerval.zanella@linaro.org>
 <Y/ZPFmLgwSNgxphJ@arm.com>
 <ef6c9254-0815-4143-99fb-8b63845fb7fe@linaro.org>
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <ef6c9254-0815-4143-99fb-8b63845fb7fe@linaro.org>
X-ClientProxiedBy: SA0PR11CA0068.namprd11.prod.outlook.com
 (2603:10b6:806:d2::13) To DB9PR08MB7179.eurprd08.prod.outlook.com
 (2603:10a6:10:2cc::19)
MIME-Version: 1.0
X-MS-TrafficTypeDiagnostic:
	DB9PR08MB7179:EE_|AM8PR08MB5809:EE_|DBAEUR03FT043:EE_|DB9PR08MB9489:EE_
X-MS-Office365-Filtering-Correlation-Id: 41239b0f-e806-4526-5923-08db1650a60c
x-checkrecipientrouted: true
NoDisclaimer: true
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original:
 7lRImzpbsOUZL+QzDl8gVYAyNSRUxttpizQD86Z9VSIYcveU6yRS65n/n6SaQVmXrq/TExDUYqB+AGZAy4aWLWk3cKuMk1i4/fJO170TUFqC8kta31/JZ4yOBpkXqTNckNKwZLBQ3UhYBGdFsCWXg+wVSwHujAS7d4uIDbBg69YWXJbVNn71gYY9YKNMiLm467Ui1jMQYZ+OI/qeotjDalBqXXYijvXnSRcgOKEbZCB8zA/1IaHsiQGgzulMTHMiD9f7jRD90PhyrtqatlGGLU0IXAyfVlcilSQRXEUxgP3JcujXKRnsi928jGQqEvyMljfnSeGIx3xh/UAaOL2VHQO+V8lyuXyExrbztlAJ9lyK6xvQQxgsztm3S/geUtR1aTakKBmD65TKDMEoxGLysxdsKxY/VDi16DECQK6rUdAFotMaCjVy2AcOImd7Ri6woi3Zhn7sLrZS6RddyfvC+TByc+MH3A3EcukUcciELMuIImlwBof3vpJHb8Fb4HDub+gZIHYqvn8fj+RPdlajZtYpGt/1UkVPVQ7kDTLZeGAVbkFHAek6+ocOmR0g8c4AZcyuV5dDe1DVhEUhXbhamReTt0exs/hW5j/YyzHtKjoxQmxu93M5yGZz52uUDvAOhU29vhlE4yP6wLXOvYd3oJJpXN4krJHMgWzU4kntMx9fUkvGKttLl8x591CdtlA4o+ZicJnMVpS8TdFtDGsf6j6xXi28HB3Xjyc7ztttfEX4dXBqhMwFPZROPa4LZCHiFupWeTOQt8wf2n/2XKm4ww==
X-Forefront-Antispam-Report-Untrusted:
 CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DB9PR08MB7179.eurprd08.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230025)(4636009)(376002)(366004)(39860400002)(136003)(396003)(346002)(451199018)(36756003)(8676002)(66476007)(478600001)(6666004)(6486002)(966005)(83380400001)(2616005)(186003)(6506007)(6512007)(26005)(8936002)(41300700001)(2906002)(44832011)(5660300002)(86362001)(316002)(54906003)(38100700002)(66556008)(4326008)(6916009)(66946007)(41533002)(17423001)(156123004);DIR:OUT;SFP:1101;
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM8PR08MB5809
Original-Authentication-Results: dkim=none (message not signed)
 header.d=none;dmarc=none action=none header.from=arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped:
 DBAEUR03FT043.eop-EUR03.prod.protection.outlook.com
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id-Prvs:
	67c58da5-c081-42b3-b5e9-08db1650a057
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
	OmVnie/sfHTtRCL9U19JOX6xWooOcg7LOvYrbCjEyXIMZV/VqmGMW8OJJBsEvrtAkv4Gsr7P41dx3OElJ/7EPDT+l1gcUm6T6XtcUlM1Vr+bso95hP1rzbOgXoixk7W0SfMMPkP5PqdcrYfhbq9h8o5PICP340rLlOk+wzVWKgjkiVL+vsPayu0++30z67ZY94SysFnbs7ipkV37k5ecgqHB8COZa8Nn7cGLENM+EZIpJdfgn+OFDzfj2c3Ux/OykkT++36Fpm3pJ/XWiVDfZokB+4SvPqDy389XbZbqE5PGI3sMzxlwk4oWmwOGKGNf9pAXlPNyR/ACTF9a9I3JrZ2ykG/kXfvUBE5jWqpHFrq5GVl8BokGjkY273gM2oJyYHDuUBWXbYSsRuczy9yTsIkLmIkfcYxP9+xWRezB53qbAslU2VTbKcc9Go+loSDL9skFdQmSLHzv21HKAyDiD58zyWzfzOo34fBHYvvEPUWrHRa6Zd8g+kg6ecV190nzXB0ywMJGdGiknX2LlMtX0VKmwMhr5aKIwwq7KkMkZE+ES//QGebbt8aecBhDvqSLfuMhrr34ssj6+w0HOVYjF2SDLT5UaEnhoTqYhkrswPAqjwU2W+KN9w9BUsHiQtVjgliD0XeFpENLzydX7BAhw18U3MHTdT5XZOh0OfK44MpyeXeLvY26CU8U37hypgmfocOWnjjCyb2W8CZj5nQD/b0qsG7SDiEywDzZ5x1eOMUt4RF67sTKgOp8gjDNM6zx1nWVDRaAoKoR+dNrtij+0Jkj51PQn+au0QktgpWAN3Hqj6+olEU6xBWomgmSJdQM
X-Forefront-Antispam-Report:
	CIP:63.35.35.123;CTRY:IE;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:64aa7808-outbound-1.mta.getcheckrecipient.com;PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com;CAT:NONE;SFS:(13230025)(4636009)(39860400002)(346002)(396003)(136003)(376002)(451199018)(36840700001)(46966006)(40470700004)(6862004)(8936002)(54906003)(81166007)(316002)(82740400003)(336012)(26005)(36756003)(186003)(6506007)(6512007)(478600001)(40460700003)(356005)(86362001)(6486002)(966005)(6666004)(40480700001)(44832011)(2906002)(2616005)(82310400005)(5660300002)(41300700001)(47076005)(36860700001)(83380400001)(8676002)(70586007)(70206006)(4326008)(41533002)(17423001)(156123004);DIR:OUT;SFP:1101;
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Feb 2023 10:19:44.2079
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 41239b0f-e806-4526-5923-08db1650a60c
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d;Ip=[63.35.35.123];Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-AuthSource:
	DBAEUR03FT043.eop-EUR03.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB9PR08MB9489
X-Spam-Status: No, score=-5.8 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,FORGED_SPF_HELO,KAM_DMARC_NONE,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_NONE,TXREP,UNPARSEABLE_RELAY autolearn=no autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <libc-alpha.sourceware.org>

The 02/23/2023 15:15, Adhemerval Zanella Netto wrote:
> Noah has brought to my attention that he tried to add similar tests,
> but they were rejected by strncmp string must be null-terminated [1].
> 
> The working drafts for C standard I have access (n1256.pdf for C99 and 
> n3047.pdf for c2x) do not say possibly null-terminated array (as some
> stackoverflow answer state [2]) they refer only as array. So I tend
> to follow Florian understanding that strncmp inputs should be NULL
> terminated.

c11 draft is n1570.pdf
https://open-std.org/jtc1/sc22/wg14/www/docs/n1570.pdf

i dont understand what extension Florian is talking about.
(i think that was about strcmp not strncmp)

c11 and c23 are clear that strncmp args may *not* be null-terminated
so i think we should be careful not to overread.

glibc itself has test code that relies on this: crypt/badsalttest

> 
> So should we really consider this a OOB read on generic strncmp?
> 
> [1] https://sourceware.org/pipermail/libc-alpha/2022-January/135130.html
> [2] https://stackoverflow.com/questions/41418766/is-it-legal-to-pass-a-non-null-terminated-string-to-strncmp-in-c