Failing to compile with C++ compilers #477

Closed
simonbutcher opened this issue May 10, 2016 · 5 comments
@simonbutcher
Contributor

It appears mbed TLS isn't building under C++ compilers cleanly anymore. Pull request #472 attempts to address at least one issue. mbed TLS, in theory, should use the safe C99 subset of C++, which it apparently used to.

Compiling under C++ should be tested, and whatever issues are found, should be fixed.

@guidovranken
Contributor

Be aware that compiling C code with a C++ compiler may introduce (security) issues that are otherwise impossible.

For instance, in C you declare an array like this:

    char s[100];

In C++ you can also allocate arrays dynamically with a variable size:

    #include <stdio.h>
    #include <string.h>

    int main(void)
    {
        size_t x = 100;
        char s[x];          /* array size is a runtime value; storage is on the stack */
        memset(s, 0, x);
        return 0;
    }

If 'x' happens to be too large to allocate on the stack, a crash will happen.

So it might be the case that under a C compiler, a static buffer is allocated at compile time for the following program, while a C++ compiler might dynamically allocate 100 bytes on the stack at runtime:

    char s[100];

My knowledge of C++ internals is spotty so I'm not sure if the C++ standard mandates any particular behavior in such cases. All I'm saying is that while a C program can be syntactically correct C++, the respective internal semantics might differ, and care should be taken.

That said, I don't see why mbed TLS should support C++ compilation. De facto C and C++ are distinct languages and cross-language support seems too ambitious (and perhaps unnecessarily dangerous) an endeavor if the aim is simply to make a C library and a C++ application operate together, which should be trivial to achieve through object linking.

@simonbutcher
Contributor Author

Hi @guidovranken

Nice to hear from you again!

That's an interesting question - can C code, compiled using a C++ compiler, enable new attack vectors? That's got to be worth research, and maybe a talk at a conference somewhere. I'm not aware of issues, but I can see the possibilities.

This is a requirement, because it was previously possible and it's what mbed TLS users are already doing - see bug #472. I do take your point though that it may enable new attacks, and we'll look into that carefully before we close this issue.

@ciarmcom

ARM Internal Ref: IOTSSL-761

@simonbutcher
Contributor Author

In the past I understand from @pjbakker that Mbed TLS/PolarSSL compiled with C++ compilers, and certainly we've had bug reports where there have been issues with C++ compatibility, such as in PRs #472 and #1782 amongst others, and I know we're not far from compiling cleanly.

However, Mbed TLS is by design a C library, and that's how we develop it. It can be argued that most C programs can be written to compile cleanly as C++ programs, or equally that C and C++ are different languages, but for the project, the truth remains that there are differences between the two languages, and something that's written for C may not compile in an equivalent way in C++.

As a secure communications and cryptography library we value, above all else, the security, safety and integrity of the library, and whilst we support different CPUs, different platforms and operating systems, and a whole host of different configurable features, trying to write the code for two very similar languages at the same time presents an unnecessary risk, while it should be perfectly reasonable to ask users to compile the library as C, not C++.

Therefore as a project we've decided not to pursue this defect, and work backwards to compile cleanly under C++. Instead we have added additional tests to ensure our headers can be used in C++ compilers, and that we can link to C++ applications. We support Mbed TLS only as a C library for use with a C compiler.
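An added illustration, not part of the thread and not Mbed TLS code: the point raised in the comments above, that source accepted by both compilers can mean different things, shown with three size expressions that compile silently as C and as C++ but yield different values. The buffer `T` and all function names are constructed for this example; the C++ values in the comments are what the C++ standard specifies, and a size that shrinks like this matters wherever it feeds a length or bounds calculation.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed for this example: a file-scope buffer whose name is
   reused as a struct tag inside a function below. */
char T[64];

/* A character literal has type int in C and type char in C++. */
size_t size_of_char_literal(void)
{
    return sizeof('a');
}

/* In C, struct tags live in a separate namespace, so T here is still
   the 64-byte array. In C++, the local struct T hides the array and
   the expression becomes sizeof(struct T), which is 1. */
size_t size_of_shadowed_name(void)
{
    struct T { char c; };
    return sizeof(T);
}

/* A comparison yields int in C and bool in C++. */
size_t size_of_comparison(void)
{
    return sizeof(1 == 1);
}

/* Returns 1 when all three probes show C semantics, 0 otherwise.
   Assumes sizeof(int) > 1, as on mainstream platforms. */
int built_with_c_semantics(void)
{
    return size_of_char_literal() == sizeof(int)
        && size_of_shadowed_name() == 64
        && size_of_comparison() == sizeof(int);
}

int main(void)
{
    printf("sizeof('a')    = %zu\n", size_of_char_literal());
    printf("sizeof(T)      = %zu\n", size_of_shadowed_name());
    printf("sizeof(1 == 1) = %zu\n", size_of_comparison());
    printf("C semantics    = %d\n", built_with_c_semantics());
    return 0;
}
```

Building the same file once with a C compiler and once with a C++ compiler and comparing the output shows the divergence without any diagnostic from either build.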

@guidovranken
Contributor

Thanks for the explanation Simon. I sent you an e-mail a while ago (July 11 2018), did you get it?
