Heimdal working around gcc strcmp issue, can someone check Samba
Andreas Schneider
asn at samba.org
Mon Nov 22 12:26:14 UTC 2021
On Wednesday, November 17, 2021 5:45:45 AM CET Douglas Bagnall via samba-technical wrote:
> On 16/11/21 7:01 pm, Andrew Bartlett via samba-technical wrote:
> > I just got notified of this PR for Heimdal:
> > https://github.com/heimdal/heimdal/pull/855
> >
> > Can someone work out how much this bites Samba (and can we just ban the
> > buggy compilers?)
>
> Although
>
> if (strcmp(a, b)) {
>
> is contrary to our target style, my reading of the bug is that it does
> not affect strcmp, AND it does not affect the
>
> if (memcmp(a, b, len)) {
>
> case, because of the implicit `!= 0` there. See
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95189#c17
Isn't this clear about the problem:
--quote--
After looking at the GCC patch that fixes this, we believe that this bug only
occurs when
* at least one of the compared byte arrays is constant and has a zero byte
in position 0, 1, 2, or 3, *and*
* the result of the memcmp isn't immediately used in a "== 0" or "!= 0" test
(or equivalently "if(memcmp(...))" or "if(!memcmp(...))").
--quote--
So what actually needs fixing in heimdal and samba's heimdal code is RC4:
https://github.com/heimdal/heimdal/blob/7ae2dfd853c87f9cbecb6f399de4dad09bad4606/lib/gssapi/krb5/arcfour.c#L390,
https://github.com/heimdal/heimdal/blob/7ae2dfd853c87f9cbecb6f399de4dad09bad4606/lib/gssapi/krb5/arcfour.c#L661,
https://github.com/heimdal/heimdal/blob/7ae2dfd853c87f9cbecb6f399de4dad09bad4606/lib/gssapi/krb5/arcfour.c#L1279
Looking at Samba code I found:
source4/heimdal/lib/gssapi/krb5/unwrap.c
source4/heimdal/lib/gssapi/krb5/verify_mic.c
`rg memcmp | rg zero` looks fine for me.
Andreas
--
Andreas Schneider asn at samba.org
Samba Team www.samba.org
GPG-ID: 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D
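
A runtime canary for the two conditions quoted above, as an added example that is not part of the original message or of the Heimdal or Samba code: it stores the result of a `memcmp` against a constant array with a zero byte at index 1, then compares its sign with a call made through a volatile function pointer, which the compiler cannot expand inline. The names `memcmp_canary`, `check_all` and `ref_memcmp` and all byte values are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed data: a constant array with a zero byte at index 1.
 * The buffers below differ from it only after that zero byte. */
static const unsigned char konst[4] = { 0x01, 0x00, 0x02, 0x03 };

/* A call through a volatile function pointer cannot be replaced by the
 * compiler's inline expansion, so it returns the C library's answer. */
static int (*volatile ref_memcmp)(const void *, const void *, size_t) = memcmp;

/* memcmp only promises the sign of its result, so compare signs. */
static int sign(int v) { return (v > 0) - (v < 0); }

/* Returns 0 when the direct call agrees with the library call,
 * 1 when the compiler produced a different result. */
int memcmp_canary(const unsigned char *buf)
{
    /* Result is stored, not used directly in an "== 0" / "!= 0" test. */
    int direct = memcmp(buf, konst, sizeof(konst));
    int reference = ref_memcmp(buf, konst, sizeof(konst));
    return sign(direct) != sign(reference);
}

/* Runs the canary for a smaller, an equal and a larger buffer. */
int check_all(void)
{
    unsigned char lower[4]  = { 0x01, 0x00, 0x02, 0x02 };
    unsigned char equal[4]  = { 0x01, 0x00, 0x02, 0x03 };
    unsigned char higher[4] = { 0x01, 0x00, 0x02, 0x04 };
    return memcmp_canary(lower) | memcmp_canary(equal) | memcmp_canary(higher);
}

int main(void)
{
    int bad = check_all();
    puts(bad ? "memcmp result differs from libc" : "memcmp ok");
    return bad;
}
```

Build it with the same compiler and optimization flags as the project; a non-zero exit status means the direct call and the library call disagreed for this pattern.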