This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH] malloc/malloc.c: Mitigate null-byte overflow attacks
- From: Adhemerval Zanella <adhemerval dot zanella at linaro dot org>
- To: libc-alpha at sourceware dot org
- Date: Mon, 23 Oct 2017 19:27:06 -0200
- Subject: Re: [PATCH] malloc/malloc.c: Mitigate null-byte overflow attacks
- Authentication-results: sourceware.org; auth=none
- References: <xn7evl4mwu.fsf@greed.delorie.com>
On 23/10/2017 18:41, DJ Delorie wrote:
>
> I'm OK with the patch in theory, but...
>
> unlink() is called from seven places; you have patched two. Are the
> other five open to this bug? Perhaps it would be better to add another
> parameter to the unlink() macro to centralize this check and enforce it
> everywhere?
>
> I wonder if we should add a "size_is_sane()" macro to check for
> unreasonable sizes before we use them to compute pointers.
>
> Also, your mailer is corrupting your patch; I had to apply it by hand to
> review it. It's wrapping lines and using 0xa0 spaces instead of 0x20.
> Attaching it as inline-text might help, instead of just pasting it into
> the body.
>
Also use __glibc_{un}likely instead of __builtin_expect.
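As an added illustration of the centralised check DJ suggests (this is example code, not part of this thread or of glibc's malloc): a toy two-word chunk header with a size_is_sane() that runs before any pointer is derived from the size field, and a constructed arena showing that an intact header passes while the same header with the low byte of its size zeroed is rejected. The header layout, the arena, the chunksize()/next_chunk() helpers and the 0x110/0x30 sizes are all assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Two-word chunk header modelled loosely on a size-prefixed allocator. */
typedef struct chunk {
    size_t prev_size;  /* size of the chunk that precedes this one in memory */
    size_t size;       /* this chunk's size; low 3 bits reserved for flag bits */
} chunk;

#define SIZE_BITS     ((size_t)0x7)
#define MIN_CHUNK     (2 * sizeof(size_t))
#define chunksize(p)  ((p)->size & ~SIZE_BITS)
#define next_chunk(p) ((chunk *)((char *)(p) + chunksize(p)))

/* size_is_sane: centralised check run before any pointer is derived from the
   size field; never reads outside [arena, arena + arena_bytes).  Returns 1
   when P's size agrees with the following chunk's prev_size, else 0. */
static int size_is_sane(const chunk *p, const char *arena, size_t arena_bytes)
{
    size_t sz = chunksize(p);
    const char *start = (const char *)p, *end = arena + arena_bytes;
    if (start < arena || start >= end) return 0;
    if (sz < MIN_CHUNK || (sz & SIZE_BITS) != 0) return 0;   /* bogus/unaligned */
    if (sz > (size_t)(end - start) - sizeof(chunk)) return 0; /* next header must fit */
    /* A size whose low byte was zeroed moves next_chunk() to the wrong place,
       where the stored prev_size will not echo this chunk's size. */
    return next_chunk(p)->prev_size == sz;
}

/* Constructed arena: a free 0x110-byte chunk followed by a 0x30-byte one
   (arbitrary sizes).  Returns 1 only if the intact header passes the check
   and the same header with its size's low byte cleared is rejected. */
static int demo_null_byte_check(void)
{
    static size_t words[0x200 / sizeof(size_t)];   /* keeps chunk alignment */
    char *arena = (char *)words;
    memset(arena, 0, sizeof words);
    chunk *a = (chunk *)arena;
    a->size = 0x110 | 1;            /* PREV_INUSE-style flag bit on a */
    chunk *b = next_chunk(a);
    b->prev_size = 0x110;           /* b records a's size because a is free */
    b->size = 0x30;
    int before = size_is_sane(a, arena, sizeof words);
    a->size &= ~(size_t)0xff;       /* model of a single zero-byte overwrite */
    int after = size_is_sane(a, arena, sizeof words);
    return before == 1 && after == 0;
}

int main(void) { printf("check %s\n", demo_null_byte_check() ? "ok" : "FAILED"); return 0; }
```

Because every caller goes through the same check, a site that was not individually patched still gets the consistency test before it follows a size-derived pointer.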