Heimdal working around gcc strcmp issue, can someone check Samba

Andreas Schneider asn at samba.org
Mon Nov 22 12:26:14 UTC 2021


On Wednesday, November 17, 2021 5:45:45 AM CET Douglas Bagnall via samba-technical wrote:
> On 16/11/21 7:01 pm, Andrew Bartlett via samba-technical wrote:
> > I just got notified of this PR for Heimdal:
> > https://github.com/heimdal/heimdal/pull/855
> > 
> > Can someone work out how much this bites Samba (and can we just ban the
> > buggy compilers?)
> 
> Although
> 
>      if (strcmp(a, b)) {
> 
> is contrary to our target style, my reading of the bug is that it does
> not affect strcmp, AND it does not affect the
> 
>      if (memcmp(a, b, len)) {
> 
> case, because of the implicit `!= 0` there. See
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95189#c17

Isn't this clear about the problem:

--quote--
After looking at the GCC patch that fixes this, we believe that this bug only occurs when
  * at least one of the compared byte arrays is constant and has a zero byte in position 0, 1, 2, or 3, *and*
  * the result of the memcmp isn't immediately used in a "== 0" or "!= 0" test (or equivalently "if(memcmp(...))" or "if(!memcmp(...))").
--quote--

So what actually needs fixing in heimdal and samba's heimdal code is RC4:

https://github.com/heimdal/heimdal/blob/7ae2dfd853c87f9cbecb6f399de4dad09bad4606/lib/gssapi/krb5/arcfour.c#L390,
https://github.com/heimdal/heimdal/blob/7ae2dfd853c87f9cbecb6f399de4dad09bad4606/lib/gssapi/krb5/arcfour.c#L661,
https://github.com/heimdal/heimdal/blob/7ae2dfd853c87f9cbecb6f399de4dad09bad4606/lib/gssapi/krb5/arcfour.c#L1279

Looking at Samba code I found:

source4/heimdal/lib/gssapi/krb5/unwrap.c
source4/heimdal/lib/gssapi/krb5/verify_mic.c


`rg memcmp | rg zero` looks fine to me.




	Andreas


-- 
Andreas Schneider                      asn at samba.org
Samba Team                             www.samba.org
GPG-ID:     8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D
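
An added example, not part of the original mail or of the Samba or Heimdal code: a heuristic audit that goes beyond `rg memcmp` by sorting each `memcmp` call site according to the second condition in the quoted GCC comment, that is, whether the result is immediately tested against zero. The names `audit` and `call_end` and the C sample are constructed for illustration; sites marked "review" still have to be checked by hand for the first condition (a constant operand with a zero byte in position 0 to 3).

```python
import re

CALL = re.compile(r"\bmemcmp\s*\(")
ZERO_AFTER = re.compile(r"\s*[=!]=\s*0\b")      # memcmp(...) == 0  /  != 0
ZERO_BEFORE = re.compile(r"\b0\s*[=!]=\s*$")    # 0 == memcmp(...)
NOT_BEFORE = re.compile(r"!\s*$")               # !memcmp(...)
BOOL_BEFORE = re.compile(r"(?:\b(?:if|while)\s*\(|&&|\|\|)\s*$")
BOOL_AFTER = re.compile(r"\s*(?:\)|&&|\|\|)")

def call_end(src, i):
    """Index just past the ')' that closes the '(' at index i."""
    depth = 0
    while i < len(src):
        depth += {"(": 1, ")": -1}.get(src[i], 0)
        i += 1
        if depth == 0:
            break
    return i


def audit(src):
    """Return (line, verdict) for every memcmp call in C source text."""
    results = []
    for m in CALL.finditer(src):
        before = src[:m.start()]
        after = src[call_end(src, m.end() - 1):]
        tested = bool(ZERO_AFTER.match(after) or ZERO_BEFORE.search(before)
                      or NOT_BEFORE.search(before)
                      or (BOOL_BEFORE.search(before) and BOOL_AFTER.match(after)))
        results.append((before.count("\n") + 1, "tested" if tested else "review"))
    return results


# Constructed C input: two immediate zero tests, two uses that need review.
SAMPLE = """\
static const unsigned char zeros[8] = {0};
int f(const unsigned char *p, const unsigned char *q)
{
    int cmp = memcmp(p, zeros, 8);
    if (memcmp(p, zeros, 8) != 0 || !memcmp(p, q, 8))
        return 1;
    if (cmp)
        return 2;
    return memcmp(q, zeros, 8) < 0;
}
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The matching is regex-based and does not parse C, so macros that wrap `memcmp` and calls inside comments or strings are not handled.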




