Subject: Re: A Famous Security Bug
From: invalid (at) *nospam* invalid.invalid (Richard Kettlewell)
Newsgroups: comp.lang.c
Date: 27. Mar 2024, 12:12:03
Organization: terraraq NNTP server
Message-ID : <wwvedbw6i9o.fsf@LkoBDZeT.terraraq.uk>
References : 1 2
User-Agent : Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)
ram@zedat.fu-berlin.de (Stefan Ram) writes:
> i = mylib_random( sizeof( buffer ));
> Ensures( buffer[ i ]== 0 );
>
> How could one implement "Ensures" in C? The first thing that
> comes to mind is a call to "assert" of course.
The assert gets compiled out too.
> But I also have to think of an "escape" Chandler Carruth mentioned
> it in one talk. IIRC, it was something along the lines of
>
> static void escape( volatile void * p )
> { asm volatile( "" : : "g"(p) : "memory" ); }
>
> (which might not be standard C). Now, if you call "escape( buffer )"
> at the end of the definition of the function "f" above, the compiler
> knows that the contents of buffer have become visible to the outside
> world, so that the effects of the "memset" operation become visible
> externally, which means that the "memset" call cannot be elided.
Indeed it’s not standard C, but variants of it are a common strategy on
compilers that support it.
The flaw is that any data from the target buffer that’s been copied into
registers or other temporary storage isn’t erased. How much that matters
is situational. In principle C23’s memset_explicit could address this.
-- https://www.greenend.org.uk/rjk/
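The following is an added example, not code from either poster. It puts the "escape" barrier quoted above next to a plain memset and next to a standard-C alternative (calling memset through a volatile function pointer), with a small self-check that a practitioner can run. The names escape, memset_ptr, wipe_plain, wipe_escape, wipe_volatile, is_zeroed and check_wipe are this example's own; the "escape" body is the GCC/Clang inline-asm idiom from the quoted post and is not standard C, while the volatile-pointer variant compiles anywhere.

```c
#include <stddef.h>
#include <string.h>

#define SECRET_LEN 32

/* Compiler barrier (GCC/Clang extension): declares that *p may be read by
   code the optimizer cannot see, so earlier stores into *p must be kept. */
void escape(volatile void *p)
{
    __asm__ volatile("" : : "g"(p) : "memory");
}

/* Standard-C alternative: the compiler cannot prove what a volatile
   function pointer targets at run time, so the call cannot be removed. */
static void *(*const volatile memset_ptr)(void *, int, size_t) = memset;

typedef void (*wipe_fn)(unsigned char *, size_t);

/* No wipe at all; used only to show the checker detecting a leftover secret. */
void wipe_none(unsigned char *buf, size_t n)
{
    (void)buf;
    (void)n;
}

/* Plain memset: when buf is a local that is never read again, this is a
   dead store and an optimizing compiler may drop it entirely. */
void wipe_plain(unsigned char *buf, size_t n)
{
    memset(buf, 0, n);
}

/* memset followed by the barrier: the stores are now "observable". */
void wipe_escape(unsigned char *buf, size_t n)
{
    memset(buf, 0, n);
    escape(buf);
}

/* memset through the volatile pointer: portable, same effect. */
void wipe_volatile(unsigned char *buf, size_t n)
{
    memset_ptr(buf, 0, n);
}

/* Returns 1 if every one of the n bytes at p is zero, else 0. */
int is_zeroed(const unsigned char *p, size_t n)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= p[i];
    return acc == 0;
}

/* Self-check: fill a local buffer with constructed stand-in key material,
   apply the chosen wipe, and report whether the buffer is clear afterwards.
   Because the buffer is read back here, even wipe_plain is kept by the
   compiler; the elision only shows up when nothing reads the buffer again. */
int check_wipe(wipe_fn wipe)
{
    unsigned char key[SECRET_LEN];
    memset(key, 0xAA, sizeof key);      /* constructed, not a real key */
    wipe(key, sizeof key);
    return is_zeroed(key, sizeof key);
}

/* The situation the thread is about: a secret lives in a local, is used,
   is wiped, and is never read again, so the wipe is dead from the
   optimizer's point of view unless a barrier makes it observable. */
void handle_secret(wipe_fn wipe)
{
    unsigned char key[SECRET_LEN];
    memset(key, 0xAA, sizeof key);      /* constructed, not a real key */
    wipe(key, sizeof key);
}
```

To see the difference, compile with `-O2 -S` and compare the generated code for `handle_secret` with each wipe function inlined: the memset in the `wipe_plain` path is typically removed, while the `wipe_escape` and `wipe_volatile` paths keep it. Richard's caveat still applies to all three: only the buffer itself is cleared, not any copies the compiler spilled to registers or the stack.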