oss-sec mailing list archives

Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca()

From: Solar Designer <solar () openwall com>
Date: Tue, 15 Nov 2011 07:23:05 +0400

On Tue, Nov 15, 2011 at 06:13:24AM +0400, Solar Designer wrote:

3. Maybe glibc and the SHA-crypt reference code should stop using
alloca() in favor of having the underlying MD5, SHA-256, and SHA-512
implementations accepting potentially unaligned buffers like e.g.
OpenSSL's implementations do.  Unfortunately, this might have
performance impact.


This is what FreeBSD's revision of the code does, but it still has two
alloca()s per function (the alignment-unrelated ones):

http://svnweb.freebsd.org/base/head/lib/libcrypt/

More context:

http://www.openwall.com/lists/oss-security/2011/11/15/1

Alexander

Current thread:

glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Solar Designer (Nov 14)
- Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Solar Designer (Nov 14)
- Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Solar Designer (Nov 16)
  - Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Steve Grubb (Nov 16)
  - Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Henri Salo (Nov 17)