Heimdal working around gcc strcmp issue, can someone check Samba

Andreas Schneider asn at samba.org
Mon Nov 22 12:26:14 UTC 2021

On Wednesday, November 17, 2021 5:45:45 AM CET Douglas Bagnall via samba-
technical wrote:
> On 16/11/21 7:01 pm, Andrew Bartlett via samba-technical wrote:
> > I just got notified of this PR for Heimdal:
> > https://github.com/heimdal/heimdal/pull/855
> > 
> > Can someone work out how much this bites Samba (and can we just ban the
> > buggy compilers?)
> Although
>      if (strcmp(a, b)) {
> is contrary to our target style, my reading of the bug is that it does
> not affect strcmp, AND it does not affect the
>      if (memcmp(a, b, len)) {
> case, because of the implicit `!= 0` there. See
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95189#c17

Isn't this clear about the problem:

After looking at the GCC patch that fixes this, we believe that this bug only 
occurs when
  * at least one of the compared byte arrays is constant and has a zero byte 
in position 0, 1, 2, or 3, *and*
  * the result of the memcmp isn't immediately used in a "== 0" or "!= 0" test 
(or equivalently "if(memcmp(...))" or "if(!memcmp(...))").

So what actually needs fixing in heimdal and samba's heimdal code is RC4:


Looking at Samba code I found:


`rg memcmp | rg zero` looks fine for me.


Andreas Schneider                      asn at samba.org
Samba Team                             www.samba.org
GPG-ID:     8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D

More information about the samba-technical mailing list