From: "Vitaly Cheptsov" <vit9696@protonmail.com>
To: "Kinney, Michael D"
Cc: "devel@edk2.groups.io"
Date: Mon, 06 Jan 2020 18:43:40 +0000
Subject: Re: [edk2-devel] [PATCH v3 0/1] Add PCD to disable safe string constraint assertions
References: <20200103171242.63839-1-vit9696@protonmail.com>

Hi Mike,

Yes, the primary use case is for UEFI Applications. We do not want to disable ASSERT's completely, as assertions that make sense, i.e. the ones signalling interface misuse, are helpful for debugging.

I have already explained in the BZ that basically all safe string constraint assertions make no sense for handling untrusted data. We find this use case very logical, as these functions behave properly with assertions disabled and cover all these error conditions by the return statuses. In such a situation it is not useful for these functions to assert, as we end up inefficiently reimplementing the logic. I would have liked the approach of discussing the interfaces individually, but I struggle to find any that makes sense from this point of view.

AsciiStrToGuid will ASSERT when the length of the passed string is odd. Functions that cannot, ahem, parse, for us are pretty much useless.

AsciiStrCatS will ASSERT when the appended string does not fit the buffer. For us this logic makes this function pretty much equivalent to the deprecated and thus unavailable AsciiStrCat, except it is also slower.

My original suggestion was to remove the assertions entirely, but several people here said that they use them to verify usage errors when handling trusted data. This makes good sense to me, so we suggest supporting both cases by introducing a PCD in this patch.

Best wishes,
Vitaly

> On 6 Jan 2020, at 21:28, Kinney, Michael D wrote:
>
> Hi Vitaly,
>
> Is the use case for UEFI Applications?
>
> There is a different mechanism to disable all ASSERT()
> statements within a UEFI Application.
>
> If a component is consuming data from an untrusted source,
> then that component is required to verify the untrusted
> data before passing it to a function that clearly documents
> its input requirements. If this approach is followed, then
> the BaseLib functions can be used "as is" as long as the
> ASSERT() conditions are verified before calling.
>
> If there are some APIs that currently document their ASSERT()
> behavior and we think that ASSERT() behavior is incorrect and
> should be handled by an existing error return value, then we
> should discuss each of those APIs individually.
>
> Mike
>
>> -----Original Message-----
>> From: devel@edk2.groups.io On Behalf Of Vitaly Cheptsov via Groups.Io
>> Sent: Friday, January 3, 2020 9:13 AM
>> To: devel@edk2.groups.io
>> Subject: [edk2-devel] [PATCH v3 0/1] Add PCD to disable safe string constraint assertions
>>
>> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2054
>>
>> Requesting for merge in edk2-stable202002.
>>
>> Changes since V1:
>> - Enable assertions by default to preserve the original behaviour
>> - Fix bugzilla reference link
>> - Update documentation in BaseLib.h
>>
>> Vitaly Cheptsov (1):
>>   MdePkg: Add PCD to disable safe string constraint assertions
>>
>>  MdePkg/MdePkg.dec                   |  6 ++
>>  MdePkg/Library/BaseLib/BaseLib.inf  | 11 +--
>>  MdePkg/Include/Library/BaseLib.h    | 74 +++++++++++++-------
>>  MdePkg/Library/BaseLib/SafeString.c |  4 +-
>>  MdePkg/MdePkg.uni                   |  6 ++
>>  5 files changed, 71 insertions(+), 30 deletions(-)
>>
>> --
>> 2.21.0 (Apple Git-122.2)
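The behaviour the thread argues over, as an added example that is not EDK2's code: a small model of a SafeString-style constraint check and an AsciiStrCatS lookalike, where the PCD from the patch is stood in for by an assumed compile-time flag ASSERT_ON_SAFE_STRING_CONSTRAINTS. With the flag at 0 a caller feeding untrusted input gets RETURN_BUFFER_TOO_SMALL back instead of hitting an ASSERT.

```c
/* Added example, not EDK2's own code: a model of BaseLib safe-string constraint
 * handling. ASSERT_ON_SAFE_STRING_CONSTRAINTS is an assumed stand-in for the PCD. */
#include <assert.h>
#include <stddef.h>
#include <string.h>
typedef unsigned long RETURN_STATUS;
#define RETURN_SUCCESS            0   /* illustrative values, not EDK2's encodings */
#define RETURN_INVALID_PARAMETER  2
#define RETURN_BUFFER_TOO_SMALL   5
#define ASSERT_ON_SAFE_STRING_CONSTRAINTS 0   /* 0 behaves like the PCD set to FALSE */

/* Modelled on SafeString.c's SAFE_STRING_CONSTRAINT_CHECK: with assertions enabled
 * a violated constraint aborts the image; with them disabled the caller simply
 * receives Status and can handle untrusted input itself. */
#define SAFE_STRING_CONSTRAINT_CHECK(Expression, Status)  \
  do {                                                    \
    if (!(Expression)) {                                  \
      if (ASSERT_ON_SAFE_STRING_CONSTRAINTS) {            \
        assert(Expression);                               \
      }                                                   \
      return (Status);                                    \
    }                                                     \
  } while (0)

/* Simplified AsciiStrCatS: append Source to Destination (DestMax bytes of storage).
 * Every precondition is reported through the return status. */
RETURN_STATUS AsciiStrCatS(char *Destination, size_t DestMax, const char *Source)
{
  size_t DestLen = 0, SourceLen;
  SAFE_STRING_CONSTRAINT_CHECK(Destination != NULL, RETURN_INVALID_PARAMETER);
  SAFE_STRING_CONSTRAINT_CHECK(Source != NULL, RETURN_INVALID_PARAMETER);
  SAFE_STRING_CONSTRAINT_CHECK(DestMax != 0, RETURN_INVALID_PARAMETER);
  while (DestLen < DestMax && Destination[DestLen] != '\0') DestLen++;
  /* Destination must already hold a NUL-terminated string within DestMax */
  SAFE_STRING_CONSTRAINT_CHECK(DestLen < DestMax, RETURN_INVALID_PARAMETER);
  SourceLen = strlen(Source);
  /* Appended bytes plus the terminator must fit: the case the thread discusses */
  SAFE_STRING_CONSTRAINT_CHECK(SourceLen < DestMax - DestLen, RETURN_BUFFER_TOO_SMALL);
  memcpy(Destination + DestLen, Source, SourceLen + 1);
  return RETURN_SUCCESS;
}

/* A caller handling untrusted input: append Source to an 8-byte buffer holding
 * "abc" (constructed sample) and act on the status rather than on an ASSERT. */
RETURN_STATUS TryAppend(const char *Source)
{
  char Buf[8] = "abc";
  return AsciiStrCatS(Buf, sizeof Buf, Source);
}
```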