Files
heimdal/lib/gssapi
Jeffrey Altman 02200d55ea Address GCC Bug 95189 memcmp wrongly stripped like strcmp
As documented in Russell O'Connor's blog, Heimdal when compiled with
some versions of gcc 9 and 10 would generate incorrect behaviors from
_gssapi_verify_mic_arcfour(), _gssapi_unwrap_arcfour(),
_gssapi_unwrap_iov_arcfour() and _gssapi_unwrap_iov_arcfour().

As a result of the bug, code of the form

   if (memcmp(a, "\x00\x00\x00\x00"))

and

   cmp = memcmp(a, "\x00\x00\x00\x00")

will be compiled as if it were written as

   if (strcmp(a, "\x00\x00\x00\x00"))

and

   cmp = strcmp(a, "\x00\x00\x00\x00")

but not

   if (memcmp(a, "\x00\x00\x00\x00") != 0)

and

   cmp = (memcmp(a, "\x00\x00\x00\x00") != 0)

Bad code is generated whenever one of the parameters to memcmp()
is a constant with at least one NUL in the first four octets and
the return value is used immediated without a boolean comparison.

The gcc bug 95189 has since been fixed.

This change applies a defensive programming technique to avoid
the broken code generation.

Change-Id: I1db2a561735317cb6cac66a0ec9caf5443e65e03
Link: https://r6.ca/blog/20200929T023701Z.html
Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95189
Reported-by: Buck Huppmann (buckh@pobox.com) <buckh@pobox.com>
2021-11-24 22:30:44 -05:00
..
2021-11-11 22:41:13 -06:00
2008-09-13 08:53:55 +00:00
2018-12-18 23:28:38 -06:00
2018-12-14 17:30:14 -05:00
2011-11-22 12:18:48 -08:00
2021-11-17 17:27:40 -06:00
2011-05-21 11:57:31 -07:00
2008-09-13 09:21:03 +00:00
2011-11-22 12:18:48 -08:00
2020-04-25 21:22:32 -05:00
2008-09-13 09:21:03 +00:00
2019-10-03 13:09:18 -05:00
2010-12-01 17:54:29 -05:00