Unsafety in CMSG_* on invalid buffers

Open Demi-Marie opened this issue 5 years ago • 3 comments

The CMSG_* code is unsafe if the buffers passed to it are malformed. This is not a problem if they come from the kernel (the usual case), since the kernel only generates valid buffers. It is, however, a problem if they come from any other source.

Demi-Marie avatar May 11 '20 00:05 Demi-Marie
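The validation the opening comment says the CMSG_* helpers lack for buffers that did not come from the kernel, as an added example that is not the libc crate's code: a bounds-checked walk over a control buffer that refuses any cmsg_len shorter than the header or longer than what remains. It assumes the Linux LP64 cmsghdr layout and works on a byte slice instead of raw pointers, so a malformed buffer yields an error rather than an out-of-bounds read.

```rust
// Added example (not the libc crate's code): a bounds-checked walk over a
// control-message buffer that never trusts cmsg_len before checking it.
// Assumes the Linux LP64 cmsghdr layout: u64 cmsg_len at offset 0, i32
// cmsg_level at 8, i32 cmsg_type at 12, and 8-byte CMSG_ALIGN.
use std::convert::TryInto;

const HDR: usize = 16;
const ALIGN: usize = 8;

fn cmsg_align(n: usize) -> usize { (n + ALIGN - 1) & !(ALIGN - 1) }

#[derive(Debug, PartialEq)]
struct Cmsg<'a> { level: i32, ty: i32, data: &'a [u8] }

#[derive(Debug, PartialEq)]
enum CmsgError { TruncatedHeader { offset: usize }, BadLen { offset: usize, len: u64 } }

/// Parse every cmsghdr in `control`, rejecting a header whose cmsg_len is
/// shorter than the header itself or runs past the end of the buffer.
fn parse_cmsgs<'a>(control: &'a [u8]) -> Result<Vec<Cmsg<'a>>, CmsgError> {
    let (mut out, mut off) = (Vec::new(), 0usize);
    while off < control.len() {
        let rest = &control[off..];
        if rest.len() < HDR { return Err(CmsgError::TruncatedHeader { offset: off }); }
        let len = u64::from_ne_bytes(rest[0..8].try_into().unwrap());
        let level = i32::from_ne_bytes(rest[8..12].try_into().unwrap());
        let ty = i32::from_ne_bytes(rest[12..16].try_into().unwrap());
        // The check a forged buffer defeats in an unchecked CMSG_NXTHDR walk:
        // cmsg_len must cover the header and stay inside the remaining bytes.
        if len < HDR as u64 || len > rest.len() as u64 {
            return Err(CmsgError::BadLen { offset: off, len });
        }
        out.push(Cmsg { level, ty, data: &rest[HDR..len as usize] });
        off += cmsg_align(len as usize); // CMSG_NXTHDR steps by the aligned length
    }
    Ok(out)
}

/// Encode one message as CMSG_LEN/CMSG_SPACE lay it out (padded to ALIGN).
fn build_cmsg(level: i32, ty: i32, data: &[u8]) -> Vec<u8> {
    let len = HDR + data.len();
    let mut v = (len as u64).to_ne_bytes().to_vec();
    v.extend_from_slice(&level.to_ne_bytes());
    v.extend_from_slice(&ty.to_ne_bytes());
    v.extend_from_slice(data);
    v.resize(cmsg_align(len), 0);
    v
}
```

In use, `parse_cmsgs` would be called on `msg_control[..msg_controllen]` after `recvmsg`, and `build_cmsg` only exists here to construct test buffers offline.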

The CMSG functions also take a *const and return a *mut. This allows for unsound code that rustc will accept. Luckily, MIRI is able to detect this as UB, but this should ideally be fixed to have two different functions: one for *const and one for *mut.

camshaft avatar Jun 14 '23 19:06 camshaft

What are the proposed solutions here? We can accept a potentially breaking change for 1.0, but I'm not sure what exactly is expected since these functions are already unsafe (the *const -> *mut is more notable iiuc).

tgross35 avatar Aug 29 '24 04:08 tgross35

My vote would be to minimally change the signature to take a *mut and return a *mut. But it's possible that there are applications that only have a *const, so I think we'll probably need an additional *const -> *const function.

camshaft avatar Aug 30 '24 15:08 camshaft