[Cryptography] I don't get it.
Peter Fairbrother
zenadsl6186 at zen.co.uk
Thu Apr 17 08:10:24 EDT 2014
On 15/04/14 21:46, I wrote:
[..]
> Perhaps most of all, I wonder whether it would be a good idea to shoot
> all the gcc developers.
Well that caused no end of kerfuffle, both on and off list.
Obviously I didn't mean it literally, if for no other reason than that it
wouldn't do any good - C and gcc are now far too well established.
But, suppose you could go back in time, and adjust C and gcc, preferably
without assassinations. What would you change?
Well first of all, strings and arrays. I don't want a bounds-unchecked
string or array, not ever - even if bounds checking is
resource-consuming and there is no possibility of out-of-range inputs,
someone else might come along later and change the code.
I don't want to have to even think about whether a string or array is
bounds checked; just whether the default behaviour when an out-of-range
input is detected is suitable.
So, where would you change it? K+R? ANSI? I don't know, but in 35 years
they never got around to fixing it. First there was strncpy etc., which
didn't quite fix strcpy. Then there was strlcpy (on some systems), which
didn't quite fix it either.
More important, when they introduced strncpy they *left strcpy in*. If
they had meant to do it properly they would have at least deprecated and
eventually removed strcpy, but they didn't, they left it "up to the
programmers".
So it's no surprise we get late-night unchecked-bounds bugs like Heartbleed.
(BTW my preferred fix would be dynamic length strings and automatic
array checking as default, with automatic string length checking and
dynamic array sizing as alternatives. It can't be that hard, they do
dynamic lengths OK with files - why not with strings?)
Malloc and free? Only in kernels and kexts, maybe drivers at a pinch.
Another thing I'd like to see as a (mandatory) goal would be repeatable
compilation, so if you used the same source, compiler and compiler
settings then you got the same object code out.
Any other suggestions?
-- Peter Fairbrother
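The strcpy/strncpy/strlcpy point above, as an added example that is not part of the original post: `bounded_copy` is a hypothetical helper with strlcpy-style semantics (written here because libc strlcpy is not available everywhere), and the two check functions show why strncpy "didn't quite fix" strcpy (it can leave the destination unterminated) and how a length-returning copy lets the caller detect truncation instead of silently overrunning. The input string is a constructed sample.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical bounded copy with strlcpy-like semantics: always
 * NUL-terminates when dst_size > 0 and returns strlen(src), so a
 * return value >= dst_size tells the caller the copy was truncated. */
size_t bounded_copy(char *dst, const char *src, size_t dst_size)
{
    size_t src_len = strlen(src);
    if (dst_size > 0) {
        size_t n = src_len < dst_size - 1 ? src_len : dst_size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return src_len;
}

/* strncpy's gap: when src does not fit in dst_size bytes it fills every
 * byte and writes no terminator. Returns 1 if dst ended up unterminated. */
int strncpy_left_unterminated(const char *src, size_t dst_size)
{
    char dst[16];
    if (dst_size > sizeof dst) dst_size = sizeof dst;
    memset(dst, 'X', sizeof dst);
    strncpy(dst, src, dst_size);
    return memchr(dst, '\0', dst_size) == NULL;
}

/* Returns 1 if bounded_copy reported that src did not fit in dst_size. */
int bounded_copy_truncated(const char *src, size_t dst_size)
{
    char dst[16];
    if (dst_size > sizeof dst) dst_size = sizeof dst;
    size_t needed = bounded_copy(dst, src, dst_size);
    return needed >= dst_size;  /* caller can now reject or resize */
}

int main(void)
{
    const char *input = "constructed-overlong-input";  /* constructed sample */
    printf("strncpy left no terminator: %d\n", strncpy_left_unterminated(input, 8));
    printf("bounded_copy reported truncation: %d\n", bounded_copy_truncated(input, 8));
    printf("short input truncated: %d\n", bounded_copy_truncated("short", 8));
    return 0;
}
```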