Re: NetBSD Crypto Bug: sizeof v. sizeof()

Discussion in 'C Programming' started by Eric Sosman, May 24, 2013.

  1. Eric Sosman

    On 5/23/2013 9:20 PM, william@wilbur.25thandClement.com wrote:
    > This bad code[1] compromised[2] NetBSD's CPRNG implementation:
    >
    > rnd_extract_data(key + r, sizeof(key - r),
    > RND_EXTRACT_ANY);
    >
    > One might argue this bug stemmed from using the sizeof() idiom instead of
    > stylistically treating sizeof as a regular operator.
    >
    >
    > 1: http://cvsweb.netbsd.org/bsdweb.cgi...c.diff?r1=1.14&r2=1.15&only_with_tag=MAIN&f=h


    It doesn't look like a problem with sizeof per se, but more
    like a problem with incorrect grouping. At a guess (looking only
    at the diffs, not motivated to go hunt up the complete source and
    acquaint myself with the conventions, expectations, context, culture,
    and street argot thereof), it looks like they wanted `sizeof(key) - r'
    instead of `sizeof(key - r)' -- but that's far from certain, as the
    diffs are considerably more voluminous than "a quick sizeof fix"
    would warrant. Looks like either (1) other fixes were mixed in,
    or (2) "the sizeof problem" was only a small part of the picture.

    Anyhow, this isn't the first example of faulty code ever to
    be seen under the, er, Sun. Flawless software is fairly rare ...

    > 2: http://www.theregister.co.uk/2013/03/26/netbsd_crypto_bug/


    Not informative; don't know why you included it.

    --
    Eric Sosman
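
Added example, not part of the original post and not NetBSD code: it compares the length as grouped in the quoted line with the regrouping guessed at above, on the assumption that "bytes remaining in `key`" was intended. `KEY_LEN`, `fake_extract`, `len_as_written`, `len_regrouped` and `unfilled_after` are hypothetical names, and the 32-byte key and `r = 4` are constructed values.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define KEY_LEN 32 /* constructed size; the page does not give the real one */

/* Hypothetical stand-in for an entropy source (not rnd_extract_data()):
 * writes `want` marker bytes and returns how many it wrote. */
static size_t fake_extract(unsigned char *dst, size_t want)
{
    memset(dst, 0xAA, want);
    return want;
}

/* Length exactly as grouped in the quoted line. In `key - r` the array
 * decays to `unsigned char *`, so the result is the size of a pointer,
 * independent of r and of the array length (sizeof evaluates nothing). */
static size_t len_as_written(size_t r)
{
    unsigned char key[KEY_LEN];
    return sizeof(key - r);
}

/* Length under the assumption that "bytes remaining in key" was meant. */
static size_t len_regrouped(size_t r)
{
    unsigned char key[KEY_LEN];
    return sizeof(key) - r;
}

/* Fill key[r..] with n bytes; return how many key bytes are still zero.
 * r must be <= KEY_LEN. */
static size_t unfilled_after(size_t r, size_t n)
{
    unsigned char key[KEY_LEN] = {0};
    size_t i, zeros = 0;
    memset(key, 0xAA, r);   /* r bytes already obtained earlier */
    if (n > KEY_LEN - r)    /* keep the demo in bounds: a pointer-sized */
        n = KEY_LEN - r;    /* length can also overrun when r is large  */
    fake_extract(key + r, n);
    for (i = 0; i < KEY_LEN; i++)
        zeros += (key[i] == 0);
    return zeros;
}

int main(void)
{
    printf("as written: n=%zu unfilled=%zu\n", len_as_written(4), unfilled_after(4, len_as_written(4)));
    printf("regrouped:  n=%zu unfilled=%zu\n", len_regrouped(4), unfilled_after(4, len_regrouped(4)));
    return 0;
}
```

Clang reports the as-written form under `-Wsizeof-array-decay`, which is a cheap check to keep enabled in builds of code that sizes buffers this way.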