AddressSanitizer finding in lookup3.c #30
Comments
Oh my, you can't do this... That's a party foul! First, reading beyond the array is undefined behavior in C. The code is illegal. Second, if that read crosses a page boundary and the subsequent page is not readable or not allocated, then the application will crash. Third, programs and libraries that depend upon Unbound will fail their testing due to Unbound. The final reason to refrain is some folks will perform security testing and evaluation (ST&E). We will perform the acceptance testing, and grind on the code looking for weak spots with tools like Valgrind and Sanitizers. These kinds of findings waste your time and our time. And I am guessing the "savings" is 0.5 or 0.3 nanoseconds on a modern processor, which likely can't even be measured. The "read off the existing page" got riskier since Stack Clash remediations are in place. Guard pages are no longer readable in some instances. Stepping back a bit to 10,000 feet and looking at the high-level engineering... You might consider using Aumasson and Bernstein's SipHash. It is a fast short-input PRF, it has proven security properties, and it has existing implementations in a number of libraries. There is no need to roll your own scheme or carry around the extra code.
Hi noloader,
* nlnet/master:
  - Attempt to fix build failure in oss-fuzz
  - Fix doxygen output error on readme markdown vignettes.
  - Fix edns-subnet locks, in error cases the lock was not unlocked. Fix spelling in code annotation of changes
  - Fix NLnetLabs#30: AddressSanitizer finding in lookup3.c.
  - Fix NLnetLabs#29: Solaris 11.3 and missing symbols be64toh, htobe64.
Hi Everyone,
I'm building Unbound 1.9.1 from the tarball on Fedora 29, x86_64. It has a modern version of GCC with sanitizers. The build adds `CFLAGS+=-fsanitize=address` and `CXXFLAGS+=-fsanitize=address` (and `LDFLAGS+=-fsanitize=address` as needed). Then I run `make check` to see what happens.
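The finding reported above, and the undefined-behavior argument in noloader's comment, both come down to how lookup3's fast path consumes the last partial block: it loads the final 32-bit word whole and masks off the bytes past the end, so the hash value uses only in-bounds bytes while the load itself touches memory outside the key. The simplified tail step below is an added example (constructed here, not lookup3.c or Unbound code, and not the real mixing function) showing that pattern beside a byte-wise tail that never reads past the key; a little-endian host is assumed, as lookup3's hashlittle() assumes.

```c
#include <stdint.h>
#include <string.h>

/* Fast path, the pattern ASan reports: load the last partial 32-bit word
 * whole and mask off the bytes past `len`. The value uses only in-bounds
 * bytes, but the load touches key[len..] outside the logical array.
 * Little-endian host assumed, as lookup3's hashlittle() does. */
uint32_t tail_masked_word(const uint8_t *key, size_t len)
{
    size_t rem = len & 3;                 /* bytes in the partial word */
    uint32_t w;
    if (rem == 0)
        return 0;                         /* no partial word */
    memcpy(&w, key + (len - rem), 4);     /* reads 4 - rem bytes past the end */
    return w & (0xffffffffu >> (8 * (4 - rem)));
}

/* Safe tail: copy exactly the rem in-bounds bytes into a zeroed word.
 * Same value, and no access past key[len - 1]. */
uint32_t tail_bytewise(const uint8_t *key, size_t len)
{
    size_t rem = len & 3;
    uint8_t tmp[4] = {0, 0, 0, 0};
    uint32_t w;
    if (rem == 0)
        return 0;
    memcpy(tmp, key + (len - rem), rem);  /* never reads key[len] or beyond */
    memcpy(&w, tmp, 4);
    return w;
}

/* Constructed 12-byte buffer. For each len the logical key is sample[0..len);
 * the masked load may run past it but stays inside the buffer, which is the
 * situation lookup3 relies on. Every byte is nonzero, so any byte the mask
 * failed to discard would make the two tails disagree. Returns 1 on agreement. */
static const uint8_t sample[12] = "lookup3 tail";

int tails_agree_on_sample(void)
{
    for (size_t len = 0; len <= sizeof sample; len++)
        if (tail_masked_word(sample, len) != tail_bytewise(sample, len))
            return 0;
    return 1;
}
```

Built with -fsanitize=address and handed a key that ends exactly at its malloc()ed block, tail_masked_word() is the function ASan flags; tail_bytewise() is the shape of the byte-wise fallback that avoids the report.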