oss-sec mailing list archives
Re: How serious is undefined behavior?
From: Solar Designer <solar () openwall com>
Date: Tue, 7 Jul 2015 02:36:13 +0300
On Mon, Jul 06, 2015 at 06:17:34PM +0200, Hanno B??ck wrote:
However I wonder how practically relevant these issues are
I think we have to estimate their practical impact on a case by case basis, and such assessments may need adjustment over time.
and also how much focus should be given to them.
I'm not sure how much, but I think it should be increasing over time, especially for new code.
Do people have good examples where e.g. an invalid shift operation caused a real, severe security issue?
Not exactly what you asked for, but a recent example is Pufferfish, a Password Hashing Competition finalist, where an invalid shift operation results in it being effectively undefined for requested memory sizes beyond 2 MiB, contrary to the designer's intent. In practice, Pufferfish would appear to work, but deliver slightly worse security properties than intended and different behavior between some systems. Luckily, this was found while still evaluating the finalists.
Would people think it's a wise idea to put a lot of effort into testing applications with ubsan enabled and reporting all the bugs that pop up? (that would mean a lot of bugreports) Or would this be perceived as an annoying "that's a theoretical C language nitpick issue and not a real bug".
Both. I think it's worth reporting these bugs primarily to more recent, cleaner, and better maintained projects, as well as to smaller projects, where it is realistic that all of these bugs would be fixed. For older projects of substantial size, maybe just publish summaries.
https://github.com/madler/zlib/commit/8a979f6c7986574e37316148cd8ca440c3bc08a3
I think this was worth reporting. Alexander
Current thread:
- How serious is undefined behavior? Hanno Böck (Jul 06)
- Re: How serious is undefined behavior? John Haxby (Jul 06)
- Re: How serious is undefined behavior? Daniel Micay (Jul 06)
- Re: How serious is undefined behavior? Solar Designer (Jul 06)
- Re: How serious is undefined behavior? Alexander Cherepanov (Jul 09)
- Re: How serious is undefined behavior? Solar Designer (Jul 12)
- Re: How serious is undefined behavior? Alexander Cherepanov (Jul 13)
- Re: How serious is undefined behavior? Xi Wang (Jul 13)