tech-userlevel archive


Re: Reuse strtonum(3) and reallocarray(3) from OpenBSD



Christos Zoulas wrote:
> | We can ignore return values, but the duplication still occurs as there is a possibility to check for an event in two distinct ways. For me, an API should be designed without such possibilities.
> 
> It is not exactly duplication but, sure please suggest something better.
> 

I'm working on it :)

> It is full circle; you can't tell the difference between an INTMAX_MAX
> return that was clipped and one that was not without setting errno
> to 0 before calling your new function.
> 

I see your point....

Your intention is to have a function that is not vulnerable to mistakes from not resetting errno to 0 before calling.

Well... we have:

int e;
fullstrtoi_r(str,base,lo,hi,&e);
switch (e) {
}

vs

errno = 0;
fullstrtoi(str,base,lo,hi)
switch(errno) {
}

Is this the key problem of fullstrtoi()? If so, then there is a wrapper, something like:

intmax_t fullstrtoi_r(..., int *e)
{
int save_errno = errno;	/* remember the caller's errno */
errno = 0;
intmax_t im = fullstrtoi(...);
*e = errno;		/* hand the error code back explicitly */
errno = save_errno;	/* and leave the caller's errno untouched */
return im;
}

That _r wrapper can be done around each of the strtol(3)-like functions.

I understand your concerns; however, I don't want this feature.
It's a design of C, and I'm used to living with setting errno to 0.
This is the sad reality of cooperating with flimsy modules that mess with errno.
Preserving errno won't solve any bugs, as other function calls are vulnerable as well.

This approach can hide real bugs.

An article from CERT:

"ERR30-C. Set errno to zero before calling a library function known to set errno, and check errno only after the function returns a value indicating failure"
https://www.securecoding.cert.org/confluence/pages/viewpage.action?pageId=6619179




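The two points argued in the message above, the "full circle" problem of a stale errno making a genuine INTMAX_MAX look clipped, and the _r-style wrapper that clears errno internally and restores the caller's value, as an added example that is not part of the original message and not NetBSD's code. parse_int_r() is a hypothetical range-checked parser in the spirit of the fullstrtoi_r() sketch; its name, its error-code convention (0, EINVAL, ERANGE in *e) and the clipping-to-bound behaviour are assumptions made for this example, not anything the thread specifies. It follows CERT ERR30-C: errno is set to 0 before strtoimax(3) and consulted only after the return value or end pointer indicates a possible failure.

```c
#include <errno.h>
#include <inttypes.h>
#include <stdio.h>
#include <stdlib.h>

/*
 * Hypothetical range-checked parser (example code, not NetBSD's).
 * Clears errno before strtoimax(3), checks it only after the result
 * suggests a problem (ERR30-C), and restores the caller's errno so the
 * caller never has to clear it.  Returns the value with *e == 0, the
 * nearest bound with *e == ERANGE, or 0 with *e == EINVAL.
 */
static intmax_t
parse_int_r(const char *str, int base, intmax_t lo, intmax_t hi, int *e)
{
	int save_errno = errno;		/* assumption: preserve caller's errno */
	char *end;
	intmax_t v = 0;

	*e = 0;
	if (str == NULL || lo > hi) {
		*e = EINVAL;
	} else {
		errno = 0;
		v = strtoimax(str, &end, base);
		if (end == str || *end != '\0') {
			*e = EINVAL;		/* no digits, or trailing garbage */
			v = 0;
		} else if (errno == ERANGE) {
			*e = ERANGE;		/* overflowed intmax_t itself */
			v = (v < 0) ? lo : hi;
		} else if (v < lo) {
			*e = ERANGE;
			v = lo;
		} else if (v > hi) {
			*e = ERANGE;
			v = hi;
		}
	}
	errno = save_errno;
	return v;
}

/* Helper for checks: 1 if parse_int_r() yields both the expected value and code. */
static int
check(const char *s, int base, intmax_t lo, intmax_t hi, intmax_t want_v, int want_e)
{
	int e;
	intmax_t v = parse_int_r(s, base, lo, hi, &e);

	return v == want_v && e == want_e;
}

/*
 * The "full circle" problem: with a stale ERANGE left in errno, a
 * legitimately parsed INTMAX_MAX cannot be told apart from a clipped one
 * unless errno is cleared first.  Returns 1 if the caller would conclude
 * the value was clipped.
 */
static int
clipped_check(int clear_errno_first)
{
	char buf[32];
	intmax_t v;

	snprintf(buf, sizeof buf, "%" PRIdMAX, INTMAX_MAX);	/* constructed input */
	errno = ERANGE;			/* simulate a stale value from an earlier call */
	if (clear_errno_first)
		errno = 0;
	v = strtoimax(buf, NULL, 10);
	return v == INTMAX_MAX && errno == ERANGE;
}

/* 1 if parse_int_r() reported the clip and left the caller's errno alone. */
static int
errno_is_preserved(void)
{
	int e;

	errno = EACCES;
	(void)parse_int_r("123456789012345678901234567890", 10, 0, 100, &e);
	return errno == EACCES && e == ERANGE;
}

int
main(void)
{
	const char *inputs[] = { "42", "-7", "0x1f", "12x", "", "99999", NULL };
	int e, i;

	for (i = 0; inputs[i] != NULL; i++) {
		intmax_t v = parse_int_r(inputs[i], 0, -10, 1000, &e);
		printf("%-8s -> %" PRIdMAX " (e=%d)\n", inputs[i], v, e);
	}
	printf("stale errno, no clear: clipped=%d\n", clipped_check(0));
	printf("errno cleared first:   clipped=%d\n", clipped_check(1));
	printf("caller errno preserved: %d\n", errno_is_preserved());
	return 0;
}
```

clipped_check(0) returns 1, the false positive the thread is worried about, while clipped_check(1) returns 0; the wrapper avoids the issue for its callers because it clears errno itself and reports the outcome through *e rather than through errno.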