Message-ID: <20240719015052.GR10433@brightrain.aerifal.cx>
Date: Thu, 18 Jul 2024 21:50:52 -0400
From: Rich Felker <dalias@...c.org>
To: Thorsten Glaser <tg@...bsd.de>
Cc: musl@...ts.openwall.com
Subject: Re: [PATCH 1/1] FD_SET() and FD_ISSET() warn on
 -Wsign-conversion

On Thu, Jul 18, 2024 at 10:00:08PM +0000, Thorsten Glaser wrote:
> Brad House dixit:
> 
> > || d >= FD_SETSIZE) which would be good for preventing out of bounds reads and
> 
> FD_SET can be used on dynamically allocated fd sets > FD_SETSIZE.

This is not valid usage.

    "The behavior of these macros is undefined if the fd argument is
    less than 0 or greater than or equal to FD_SETSIZE, or if fd is
    not a valid file descriptor, or if any of the arguments are
    expressions with side-effects."

And in the real world, AFAIK, it *will trap* with fortify enabled.
Programs that try to do this are broken.

select is simply not compatible with use of file descriptors >=
FD_SETSIZE. As such it should be considered deprecated and poll should
be used.

I used to think that, if you *really* insist on trying to bypass the
limit, the "safe" way would be not to pass n>=FD_SETSIZE but to make
an array of fd_set objects and address fd number n%FD_SETSIZE in index
n/FD_SETSIZE of the array, then pass a pointer to the array to select.
This works in practice everywhere that your hack would work. However,
on further review, any implementation where it works is nonconforming.
POSIX documents under ERRORS for select and pselect, a "SHALL FAIL"
condition:

    "[EINVAL]
    
    The nfds argument is less than 0 or greater than FD_SETSIZE."

This forbids accepting oversized fd_sets in any way.

I don't believe we are currently conforming on this, so we should
probably either add a check or open a request for interpretation
whether that (presumably contrary to many real-world systems) is
actually intended to be a requirement.

Rich
