This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: Set the warn_unused_result attribute on crypt?
- From: Russ Allbery <rra at stanford dot edu>
- To: libc-alpha at sourceware dot org
- Date: Wed, 25 Sep 2013 09:58:48 -0700
- Subject: Re: Set the warn_unused_result attribute on crypt?
- Authentication-results: sourceware.org; auth=none
- References: <87zjr0q1rg dot fsf at windlord dot stanford dot edu>
Russ Allbery <rra@stanford.edu> writes:
> Apologies if this has already been discussed. I don't remember seeing
> it.
> As folks here are probably aware, there have been a few recent security
> vulnerabilities for DoS attacks in software using the crypt() function
> now that it can return NULL in more cases, such as invalid salt. In a
> discussion of this on debian-devel, the warn_unused_result attribute was
> raised as a possible way of helping developers find other cases of this
> latent bug.
Bleh, sorry, that explanation makes no sense at all. I got confused with
a different type of error handling behavior. It doesn't make sense to
call crypt() without using the result, but the result will generally be
used, so this doesn't help.
What one needs is something entirely different, namely a way of flagging
the result as needing to be checked against NULL. But that's not what
warn_unused_result does.
Sorry about the noise.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>