This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Set the warn_unused_result attribute on crypt?


Russ Allbery <rra@stanford.edu> writes:

> Apologies if this has already been discussed.  I don't remember seeing
> it.

> As folks here are probably aware, there have been a few recent security
> vulnerabilities for DoS attacks in software using the crypt() function
> now that it can return NULL in more cases, such as invalid salt.  In a
> discussion of this on debian-devel, the warn_unused_result attribute was
> raised as a possible way of helping developers find other cases of this
> latent bug.

Bleh, sorry, that explanation makes no sense at all.  I got confused with
a different type of error handling behavior.  It doesn't make sense to
call crypt() without using the result, but the result will generally be
used, so this doesn't help.

What one needs is something entirely different, namely a way of flagging
the result as needing to be checked against NULL.  But that's not what
warn_unused_result does.

Sorry about the noise.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]