MySQL flaw leaves some systems wide open

Posted Jun 14, 2012 11:12 UTC (Thu) by etienne (subscriber, #25256)
Parent article: MySQL flaw leaves some systems wide open

> In that case, memcmp() can return values outside the range of a signed character (-128 to 127)

The BSD manual page and the Linux manual page do differ on that point:
http://www.manpagez.com/man/3/memcmp
http://linux.die.net/man/3/memcmp

MySQL flaw leaves some systems wide open

Posted Jun 14, 2012 11:29 UTC (Thu) by scottt (subscriber, #5028)

POSIX is with Linux here. The BSD memcmp(3) page could use a portability warning.

MySQL flaw leaves some systems wide open

Posted Jun 15, 2012 1:48 UTC (Fri) by wahern (subscriber, #37304)

They both define the exact same behavior. But you have to know what "greater than" and "less than" means to fully understand the Linux man page. To know that you have to go to the C standard:

The sign of a nonzero value returned by the comparison functions memcmp, strcmp, and strncmp is determined by the sign of the difference between the values of the first pair of characters (both interpreted as unsigned char) that differ in the objects being compared. (C11 7.23.4, C99 7.21.4)

The BSD man page just incorporates that definition to make things crystal clear.

MySQL flaw leaves some systems wide open

Posted Jun 15, 2012 2:35 UTC (Fri) by zlynx (subscriber, #2285)

That definition does not match BSD's either.

"The sign of the nonzero value" is "determined by the sign of the difference"

That says nothing about how large the return value may be. It doesn't require that it be a signed char.

MySQL flaw leaves some systems wide open

Posted Jun 15, 2012 3:48 UTC (Fri) by wahern (subscriber, #37304)

Huh? The difference between any two unsigned chars has a range of -CHAR_MAX to CHAR_MAX, thus the int return type. (I supposed it could have been short, but there are many implementations where sizeof (char) and sizeof (short) are the same.) Describe to me how you could arrive at any other behavior from either the BSD or Linux man pages? You can't. They're equivalent definitions.

The fundamental issue is people not understanding (or at least not applying their knowledge of) implicit conversions in C, and I'm entirely unsurprised that MySQL ran afoul of the rules. I had to emulate the MySQL password code in an asynchronous client library several years ago. I took one look at MySQL's code and my head spun. It's classic I-know-enough-C-to-be-dangerous. I translated to paper the algorithm that it was attempting, poorly, to implement, and then promptly purged my mind of the actual code so it wouldn't infect my own implementation.
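The implicit-conversion problem discussed in this thread, as an added example that is not part of any comment here or of MySQL's code: `wide_memcmp` is a constructed stand-in for a libc memcmp that returns a large-magnitude int with the correct sign (which the C standard permits), and the two `tokens_match_*` functions are hypothetical names showing the narrowing-to-char pattern beside the correct comparison.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for an optimized libc memcmp: the standard only
 * fixes the sign of a nonzero result, so returning the byte difference
 * scaled by 256 is a legal implementation. */
static int wide_memcmp(const void *a, const void *b, size_t n)
{
    const unsigned char *x = a, *y = b;
    for (size_t i = 0; i < n; i++) {
        if (x[i] != y[i])
            return ((int)x[i] - (int)y[i]) * 256; /* right sign, big magnitude */
    }
    return 0;
}

/* Buggy pattern: narrowing the int result to char discards the high bits,
 * so a nonzero result such as 256 becomes 0 and reads as "equal"
 * (for a signed char the out-of-range conversion is implementation-defined,
 * but every mainstream compiler truncates modulo 256). */
int tokens_match_buggy(const unsigned char *a, const unsigned char *b, size_t n)
{
    char r = (char)wide_memcmp(a, b, n);
    return r == 0;
}

/* Correct pattern: test the full int against zero; never narrow it. */
int tokens_match_fixed(const unsigned char *a, const unsigned char *b, size_t n)
{
    return wide_memcmp(a, b, n) == 0;
}

/* Constructed sample tokens differing only in their first byte. */
static const unsigned char TOKEN_A[8] = { 0x42, 1, 2, 3, 4, 5, 6, 7 };
static const unsigned char TOKEN_B[8] = { 0x41, 1, 2, 3, 4, 5, 6, 7 };

int demo_wide_result(void) { return wide_memcmp(TOKEN_A, TOKEN_B, 8); }
int demo_buggy_accepts_mismatch(void) { return tokens_match_buggy(TOKEN_A, TOKEN_B, 8); }
int demo_fixed_rejects_mismatch(void) { return !tokens_match_fixed(TOKEN_A, TOKEN_B, 8); }

int main(void)
{
    printf("wide_memcmp returns %d\n", demo_wide_result());
    printf("buggy compare says match: %d\n", demo_buggy_accepts_mismatch());
    printf("fixed compare says mismatch: %d\n", demo_fixed_rejects_mismatch());
    return 0;
}
```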

MySQL flaw leaves some systems wide open

Posted Jun 15, 2012 4:06 UTC (Fri) by wahern (subscriber, #37304)

Ignore me. I'm a doofus. I see that you're pointing out that the sign is copied, not the resultant value from the difference.

Now, anyone have any tips on turning time back so I can erase my comment? =)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds