This is the change that fixed the recent exploit that allowed attackers to remotely gain root on any machine running Exim (installed and enabled by default on Debian, RHEL, and other distros) just by ending the SNI field with a backslash during TLS negotiation. This exploit would not have been possible were it not for C's retarded string format and complete lack of memory safety.
Everyone say "Thanks C!"
C niggers will never go away
What the fuck is exim? also the fix was quick and easy because it was C, imagine if it was Java
>my C code was vulnerable
>therefore C bad
If you make such a basic rookie mistake, yeah go ahead and blame the whole language for being a smoothbrain.
even experts make mistakes. why do you believe that people are perfect?
this
If someone built you a safe which was later broken into due to poor design would you blame the tools that they used? If yes then you truely are beyond help.
>parser
>not actively fuzzed
sad
all the old linux daemons are spaghetti disasters
>What the fuck is exim?
One of the most popular mail transfer agents, installed by default on most distros.
>the fix was quick and easy because it was C
The fix was so janky that the author originally fucked it up before fixing the fix and squashing them together into the commit in the OP.
If it were any other language, this never would have happened in the first place. This exploit was born of using C's highly-exploitable string format to chain into a heap overflow, neither of which are issues with properly designed modern languages.
> someone used a tool the wrong way so tool is bad
> doctor injected someone weed now he gay
> weed bad
I don't say a genius cannot make a mistake. Pushing code at 03:00 a.m. could result in a fuckup.
The real problem here may be that no one audited the original code, or any change that may have introduced the bug.
Fuzzers and automatic code testing exists for reasons as well. Code audits are very time consuming and expensive.
I'm merely saying, yes, a good coder in good physical and mental shape would have spotted the error.
Let's see some of the perfect shit you've written in C
Why waste time auditing unreadable code when a machine does it better than the best team of humans?
Hate to be the devil's advocate, but there are no strings in C, just char arrays - or much, much more popularly, pointers to char. It's an idiotic mistake that would never have happened in C++ or Rust.
That's just pedantry. Just because there's no explicit "string" type doesn't mean the concept of strings doesn't exist in C. The implementation of a string as a null-terminated array of characters is still a string, even if it has a type of char pointer.
So long as you don't make the compiler enforce your invariants, you are writing ambiguous code.
That has nothing with to do with whether or not the concept of a string exists within the context of C. When I refer to a C string, everyone knows I'm talking about a pointer to a null terminated list of characters. It's absurd and reductionist to make the claim that strings don't exist in C, only the de facto implementation of C strings truly exists.
Ban assault C code.
/thread
>there are string literals
>they generate array terminated by zero byte
>standard describes this as string
>gcc manual describes this as string
>standard libc describes this as string and actively works with it
you are imbecile
>you don't need seatbelts, just drive slow and careful you idiot
Cnile logic.
>Cnile
oh oh another for my list of inorganic astro turf terms coming down from our shill farm
can you do me a solid and just type your whole list?
A really great advantage of an actual arrays is instrumented bound checking, which can be further eliminated by compiler if it's provably correct (aka bound-checking elimination optimization).
Low level languages existing before C did it. Sadly C was trash since day one and lost many gems of great language design.
In addition, C strings have an annoying flaw of not allowing arbitrary substrings (assuming it complies with encoding, such as proper codepoint boundary in utf-8) because it won't have the zero byte termination (unless it shares end of string) and needs to be copied instead, or opting for different (mostly the correct one anyway) string implementation of base pointer - and either end pointer or length.
>return *pp
hehe
one might argue that sanitizers should do the job, but this is incorrect. modifying outside of exposed sub-array does not necessarily modify outside of underlying allocation. proper bound checking is extremely cheap on runtime and catches logical errors sooner. Plus distinguishing between pointer and array syntactically is a sane thing to do. It has no downsides.
also the signedness confusion of char in C is annoying as hell
>still using exim over postfix
Kind of deserve it to be honest. Kek at exim for accepting and parsing smtp shit as a root running process as well.
>a pointer to a null terminated list of characters.
Cool, that's totally different from char* which is a pointer to a char. If you want the compiler to know, make it a struct.
Don't pretend to know any C standard. Arrays decay to pointers. Plus, nothing about char[n] implies null termination.
What in the monkey fuck are you doing with char types that signedness matters?
For fucks sake.
Every piece of software written with that tool is broken on a regular bases since decades.
>If someone built you a safe which was later broken into due to poor design would you blame the tools that they used? If yes then you truely are beyond help.
Being this retarded.
Just seeing this code is proof that everyone who writes C in critical areas is completely retarded.
You could write as well write assembler directly and hope you caught every edge case.
People who claim they do not make such mistakes with C post their code now, immediately, so we can fuck them in their arrogant asses.
>This exploit would not have been possible were it not for C's retarded string format
>This exploit was born of using C's highly-exploitable string format
I completely agree that C is cancer and I also want to clarify that you must be a brainlet to say that it has any connection to C string format unless this how you say "null terminated strings".
>I'm merely saying, yes, a good coder in good physical and mental shape would have spotted the error.
Post your code, you fucking cunt.
adding it with larger type
This is why C++ is superior.
>B-but Rust!
C++ does what Rust can do and more. Your diversity hire language sucks.
Which is a completely retarded concepts nowadays.
fuck C, all C evangelists should kill themselves. Use Ada instead of C if you hate Rust so much
How can anyone gain root access without entering root password?
Use a proper fucking type for that instead. Either implicit sign/unsigned declaration of char or a fucking inttype. Its literally 2019 you fucking faggot. Retards like you are why -fsigned-char shit poisons cmake projects that causes wild whacky fun for all involved.
Go fuck yourself.
>you must be a brainlet to say that it has any connection to C string format unless this how you say "null terminated strings".
null terminated strings are very commonly referred to as "C strings". Several languages have some variant of a ".c_str" string method to convert their string to a null terminated C-style string for C interop. It's perfectly correct to interchangeably use "null terminated string" and "C string"
Ya, c++ can do all sorts of foot gun tier bullshit like unexpected type promotions and all the other confusing different initializer types, move semantics and more. Hell throw in diamond inheritance while we're at it.
you any instruction you want to the application running as root
C was made for niggers
A mistake in using a tool incorrectly isn't the fault of the tool. You know really a person wrote this, people make mistakes.
It happens but you just want a participation award because your mother made the mistake of not aborting you, not to have any skill. We should ban people from writing software and only let trannies do it, that will fix it.
>incorrectly
C doesn't support strings and doesn't warn you about obvious UB, it's a shit tool.
>language has poor defect
>it's faults of those who don't like the defect
holy shit user, you are fucking genius
yes I literally have to retype char* to unsigned char* on every function call because std libc constantly works with char*, take void* and manually cast it to bytes in every function to avoid this dementia; even this produces warning
unsigned char *s = "something";
Stop wining and show your C code. So we can fuck you.
This is probably the most assinine post I've read all year.
What does urban bears have to do with this and why the homophobia? C supports many in the pillow biting community by being the basis for the computing devices they use and create to make a living. If all c code ceased to function you wouldn't even be able to underhandedly promote rust like this. You post therefore you use working c code whether your shrunken head realizes it not.
UB = undefined behaviour. It's normal, most C programmers don't know it when they see it, either. If they see it.
>ceased to function
That happens every now and again, sites get DOS'd, servers leak data, you name it. You're entirely correct I wouldn't be able to post, as has happened many times.
int main(void){
return 0;
}
It's for testing error code, in this case no error, on the command line. I also have another version that returns 9, I call it 9. Nifty, huh.
But the behavior isn't undefined, the original code worked correctly, exactly as written. It twas a badly implemented, arrr matey. Bounds checking is sub-junior level mistake but your taking it like you don't know that.
>You're entirely correct I wouldn't be able to post, as has happened many times.
The only way to prove yourself correct is to never post which wouldn't really work.
Wow with that coding skills, you should really participate in this discussion.
Why is it so hard for programmers to make a new language with out-of-bounds access protection WITHOUT introducing a lot of bloat like another goddamn package manager?
Thanks.
>worked correctly
No, there are several types of UB.
>dereferencing a pointer before a null check
>dereferencing a pointer before a bounds check
>const uschar** instead of const uschar*const*
And more. Idiotic language, the compiler never caught these fallacies.
All working correctly as written, those are not undefined behavior. More like unintentionally behavior because they forgot error checks. That's really lazy and slightly irritating but people make mistakes.
Have you ever read the fucking standard, retard? You don't sound as smartass as you'd like to be.
c is the worst language thats why i never learnt it
Yes, can you correctly interpret the standard but more importantly know the deviations in implentations? Keep blaming your tools for your incompetence, it makes you more human like. It's because the originality, it's much more convincing then the rabble rabble rabble repeat other people's thoughts thing. Here's a thought, try being happy.
>incompetence
The compiler compiled my code successfully, that means it's 100% according to it. Otherwise, that would mean the compiler doesn't follow the standard strictly (it doesn't, it compiles UB without error by default), which would make the tool trash.
Try compiling shitty code in Rust or Go.
>Try compiling shitty code in Rust or Go.
Maybe we have different definitions of shitty. As for compiling shitty code, I could do that in any language. Hop on GitHub and be amazed, but it works for the with all the unintentional behavior included.
This whole thing makes me think you don't like error checking or are one of those single return (exit point) weirdos, that makes me question the validity of hand holding tools. PlusImNotAskingPremissionToNameMyIdentifiersHowIWant I like to be in control, not controlled.
>could do that
Okay go and write bad code in Go or Rust.
>don't like error checking
No, I hate it, it's a complete waste of time for something that can and is automated in better languages.
>I like to be in control
EARN the right to be in control. Until then I have every reason to doubt your abilities.
How do you think those other languages represent strings in memory?
In C++, visual studio, clang, and gcc's standard libraries generally have a dynamic array of chars, size, and capacity members. Also a union to represent short string optimisation and respective flags.
If Exim is a mail client why is it theorized this is how crypto for Android has been getting onto web servers?
exim is useless anyways
systemctl disable exim —now
Should fix the issue, thank me later.
Exim is a mail server
This. Install postfix
>engine doesn't work? just ride a bike goy, cars are bloat
Cope
Gracias por tu servicio
everyone calm down, why not just extend the standard C? why do like scheme does, everyone rolls a base and then some implement further functionality but rather than being functionality driven its security driven like the guys at Linux do with for example xarray
I made a thread for the sole purpose of embarrassing you LARPers. You are not even capable of making a simple text editor.
the confusion was probably caused by that retarded indent style