[Cryptography] "NSA-linked Cisco exploit poses bigger threat than previously thought"

Ron Garret ron at flownet.com
Wed Aug 24 02:05:33 EDT 2016


On Aug 23, 2016, at 10:04 PM, Viktor Dukhovni <cryptography at dukhovni.org> wrote:

> On Wed, Aug 24, 2016 at 02:22:52AM -0000, John Levine wrote:
> 
>>> I'm thinking of something like a "safe buffer" struct that would have an internally set size.
>> 
>> Dan Bernstein wrote string libraries like that in the late 1990s that
>> he used in qmail and djbdns.  
> 
> Postfix and Tcl both contain internal safe string libraries,
> (VSTRINGs and Tcl_DStrings respectively) and use them consistently,
> as do Tcl extensions.  Postfix also has VSTREAMs that do safe I/O
> with VSTRINGs).  These libraries also don't suffer buffer overflows.
> These libraries also date back to the 90's.  OpenSSH also has had
> decent safe buffer management for some time.  Each project rolled
> their own, but did a reasonably good job.  Not all projects fared
> so well.
> 
> Sadly incorporating safer standard facilities into the C library
> is a herculean effort.  My take is that the difficulty with C is
> not so much the language as the rather minimal runtime.  If the C
> library were substantially richer, most programmers would use
> safer built-in interfaces rather than write unsafe code, or roll
> their own "safe" code badly.

There are two fundamental problem with C.

The first is that the built-in arrays and string literals are unsafe.  You can build safe arrays and strings in C, but you can’t access them using operator[].  You have to access them (and modify them) using function calls.

The second is that C doesn’t have exceptions, which means that functions have to signal exceptional situations via their return values or via a global variable (like errno).  But C functions also can only return a single value of a single type, so you have to either use that return value to signal success or failure and stick the “real” returned value somewhere else (typically in a buffer, a pointer to which is passed in as an argument to the function), or you have to “overload” the return value so that certain values are real and others indicate exceptions.  And then, of course, you have to check that return value in the caller.

Because of these constraints, it is not possible to write safe C in a way that is “natural” to the language.  You have to put a safe layer on top of the native language.  That safe layer requires the programmer to adhere to some discipline in order not to undermine the safety.  But there is no standard on how to implement a safe layer, only different and mutually incompatible conventions.

rg



More information about the cryptography mailing list