On Wed, 12 Jul 2023 20:32:23 +0200, Robert Clausecker wrote: > I have just discovered that the bcmp() function on FreeBSD is > defective on 64 bit systems. It may errorneously return an > "equal" result when the buffers are not equal due to a > truncating cast in the return value. As OpenBSD uses the same > code, I believe you may be affected, too. This may have a > security impact, but I was unable to find any code in OpenBSD > that uses bcmp() in a way that could trigger this bug. > > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272474
Thanks for letting us know but this was fixed in OpenBSD by: revision 1.9 date: 2008/03/19 03:00:23; author: ray; state: Exp; lines: +4 -4; bcmp(3) tries to return length, which is a size_t, as an int. Instead, just return 1 if there is a difference. Found by lint. OK millert. http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/string/bcmp.c.diff?r1=1.8&r2=1.9
