AddressSanitizer finding in lookup3.c #30
I'm building Unbound 1.9.1 from the tarball on Fedora 29, x86_64. It has a modern version of GCC with sanitizers. The build adds
Oh my, you can't do this... That's a party foul!
First, reading beyond the array is undefined behavior in C. The code is illegal. Second, if that read crosses a page boundary and the subsequent page is not readable or not allocated, then the application will crash. Third, programs and libraries that depend upon Unbound will fail their testing due to Unbound.
The final reason to refrain is some folks will perform security testing and evaluation (ST&E). We will perform the acceptance testing, and grind on the code looking for weak spots with tools like Valgrind and Sanitizers. These kinds of findings waste your time and our time. And I am guessing the "savings" is 0.5 or 0.3 nanoseconds on a modern processor, which likely can't even be measured.
The "read off the existing page" got riskier since Stack Clash remediations are in place. Guard pages are no longer readable in some instances.
Stepping back a bit to 10,000 feet and looking at the high level engineering... You might consider using Aumasson and Bernstein's SipHash. It is a fast short-input PRF, it has proven security properties, and it has existing implementations in a number of libraries. There is no need to roll your own scheme or carry around the extra code.
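As an added illustration of the two points above (it is not code from this issue, from lookup3.c, or from Unbound), here is a SipHash-2-4 implementation in portable C whose tail handling touches only the bytes that actually exist in the input buffer. The key-loading and tail loops read one byte at a time, so there is no unaligned access and no read past `inlen`; compiled with `-fsanitize=address` and run against a heap buffer of exactly the message length, AddressSanitizer stays silent, which is the check a reviewer would run against the lookup3 tail read. The test vector (key `00..0f`, message `00..0e`, output `a129ca6149be45e5`) is the one published in the SipHash paper; the function names are my own.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

#define ROTL64(x, b) ((uint64_t)(((x) << (b)) | ((x) >> (64 - (b)))))

/* Little-endian load of exactly 8 bytes, one byte at a time:
 * no unaligned access and never a byte beyond p[7]. */
static uint64_t load_le64(const uint8_t *p) {
    uint64_t v = 0;
    for (int i = 0; i < 8; i++) v |= (uint64_t)p[i] << (8 * i);
    return v;
}

/* One SipRound as specified by Aumasson and Bernstein. */
#define SIPROUND do {                                                    \
    v0 += v1; v1 = ROTL64(v1, 13); v1 ^= v0; v0 = ROTL64(v0, 32);        \
    v2 += v3; v3 = ROTL64(v3, 16); v3 ^= v2;                             \
    v0 += v3; v3 = ROTL64(v3, 21); v3 ^= v0;                             \
    v2 += v1; v1 = ROTL64(v1, 17); v1 ^= v2; v2 = ROTL64(v2, 32);        \
} while (0)

/* SipHash-2-4: 128-bit key, arbitrary-length message, 64-bit PRF output. */
uint64_t siphash24(const uint8_t *in, size_t inlen, const uint8_t key[16]) {
    uint64_t k0 = load_le64(key);
    uint64_t k1 = load_le64(key + 8);
    /* Initial state: "somepseudorandomlygeneratedbytes" XOR key. */
    uint64_t v0 = 0x736f6d6570736575ULL ^ k0;
    uint64_t v1 = 0x646f72616e646f6dULL ^ k1;
    uint64_t v2 = 0x6c7967656e657261ULL ^ k0;
    uint64_t v3 = 0x7465646279746573ULL ^ k1;
    const uint8_t *end = in + (inlen & ~(size_t)7);
    size_t left = inlen & 7;
    /* Final block carries the message length in its top byte. */
    uint64_t b = (uint64_t)inlen << 56;

    /* Compression: full 8-byte words only. */
    for (; in != end; in += 8) {
        uint64_t m = load_le64(in);
        v3 ^= m;
        SIPROUND; SIPROUND;
        v0 ^= m;
    }
    /* Tail: exactly `left` bytes remain, and only those are read.
     * This is the step where a word-sized "read and mask" would
     * stray past the end of the buffer. */
    for (size_t i = 0; i < left; i++) b |= (uint64_t)in[i] << (8 * i);
    v3 ^= b;
    SIPROUND; SIPROUND;
    v0 ^= b;

    /* Finalization. */
    v2 ^= 0xff;
    SIPROUND; SIPROUND; SIPROUND; SIPROUND;
    return v0 ^ v1 ^ v2 ^ v3;
}

/* Published SipHash-2-4 test vector from the paper:
 * key = 00 01 .. 0f, message = 00 01 .. 0e (15 bytes). */
uint64_t siphash24_paper_vector(void) {
    uint8_t key[16], msg[15];
    for (int i = 0; i < 16; i++) key[i] = (uint8_t)i;
    for (int i = 0; i < 15; i++) msg[i] = (uint8_t)i;
    /* The message is copied into a heap buffer of exactly 15 bytes so an
     * ASan build would flag any read past the end, as it did for lookup3. */
    uint8_t *heap = malloc(sizeof msg);
    if (heap == NULL) return 0;
    memcpy(heap, msg, sizeof msg);
    uint64_t h = siphash24(heap, sizeof msg, key);
    free(heap);
    return h;
}

/* Returns 1 when the implementation reproduces the paper's vector. */
int siphash24_selftest(void) {
    return siphash24_paper_vector() == 0xa129ca6149be45e5ULL;
}

int main(void) {
    printf("siphash24 self-test: %s\n", siphash24_selftest() ? "ok" : "FAIL");
    return siphash24_selftest() ? 0 : 1;
}
```

Build with `gcc -O2 -fsanitize=address,undefined siphash.c` to run it under the same sanitizers that produced the finding; a hash whose tail read respects `inlen` produces no report, regardless of whether the buffer sits at the end of a page.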