This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug malloc/17344] New: Enhance glibc metadata hardening with the attached patch
- From: "scarybeasts at gmail dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Wed, 03 Sep 2014 01:31:21 +0000
- Subject: [Bug malloc/17344] New: Enhance glibc metadata hardening with the attached patch
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=17344
Bug ID: 17344
Summary: Enhance glibc metadata hardening with the attached
patch
Product: glibc
Version: 2.21
Status: NEW
Severity: normal
Priority: P2
Component: malloc
Assignee: unassigned at sourceware dot org
Reporter: scarybeasts at gmail dot com
Created attachment 7769
--> https://sourceware.org/bugzilla/attachment.cgi?id=7769&action=edit
Check linked list integrity for the large sized chunk list too.
As a follow-on from my recent glibc exploit:
http://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html
I'd have really been slowed down, perhaps even stopped, if the the existing
metadata hardening tricks were extended to one more place. I've attached a
patch. It checks doubly-linked list integrity on unlink in one more place: the
linked list for larger-sized chunks.
Please consider applying it. There was already an assert() for this check, this
patch simply elevates this from an assert() to a runtime check.
--
You are receiving this mail because:
You are on the CC list for the bug.