Re: think twice before enabling -D_FORTIFY_SOURCE=2 for C projects without thorough build-time testing

To: debian-devel@lists.debian.org
Subject: Re: think twice before enabling -D_FORTIFY_SOURCE=2 for C projects without thorough build-time testing
From: Bastian Blank <waldi@debian.org>
Date: Wed, 25 Sep 2013 18:43:23 +0200
Message-id: <[🔎] 20130925164322.GA9453@mail.waldi.eu.org>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] loom.20130925T134128-696@post.gmane.org>
References: <[🔎] 20130920190537.GZ27621@onerussian.com> <[🔎] 20130921051216.GN5094@outflux.net> <[🔎] 20130921124634.GX21512@fmf.nl> <[🔎] 20130921150813.GA21253@outflux.net> <[🔎] loom.20130924T134453-638@post.gmane.org> <[🔎] 87bo3imcj2.fsf@windlord.stanford.edu> <[🔎] loom.20130925T134128-696@post.gmane.org>

On Wed, Sep 25, 2013 at 11:43:22AM +0000, Thorsten Glaser wrote:
> No, the standard said it would either always fail or never, but independent
> on the input data.

Nope:
| Upon successful completion, crypt() shall return a pointer to the
| encoded string. The first two characters of the returned value shall be
| those of the salt argument. Otherwise, it shall return a null pointer
| and set errno to indicate the error.

Bastian

-- 
You!  What PLANET is this!
		-- McCoy, "The City on the Edge of Forever", stardate 3134.0

Reply to:

References:
- think twice before enabling -D_FORTIFY_SOURCE=2 for C projects without thorough build-time testing
  - From: Yaroslav Halchenko <debian@onerussian.com>
- Re: think twice before enabling -D_FORTIFY_SOURCE=2 for C projects without thorough build-time testing
  - From: Kees Cook <kees@debian.org>
- Re: think twice before enabling -D_FORTIFY_SOURCE=2 for C projects without thorough build-time testing
  - From: Bas Wijnen <wijnen@debian.org>
- Re: think twice before enabling -D_FORTIFY_SOURCE=2 for C projects without thorough build-time testing
  - From: Kees Cook <kees@debian.org>
- Re: think twice before enabling -D_FORTIFY_SOURCE=2 for C projects without thorough build-time testing
  - From: Thorsten Glaser <tg@mirbsd.de>
- Re: think twice before enabling -D_FORTIFY_SOURCE=2 for C projects without thorough build-time testing
  - From: Russ Allbery <rra@debian.org>
- Re: think twice before enabling -D_FORTIFY_SOURCE=2 for C projects without thorough build-time testing
  - From: Thorsten Glaser <tg@mirbsd.de>

Prev by Date: Re: think twice before enabling -D_FORTIFY_SOURCE=2 for C projects without thorough build-time testing
Next by Date: Re: think twice before enabling -D_FORTIFY_SOURCE=2 for C projects without thorough build-time testing
Previous by thread: Re: think twice before enabling -D_FORTIFY_SOURCE=2 for C projects without thorough build-time testing
Next by thread: Re: think twice before enabling -D_FORTIFY_SOURCE=2 for C projects without thorough build-time testing
Index(es):
- Date
- Thread