This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: [PATCH] malloc/malloc.c: Mitigate null-byte overflow attacks



On 23/10/2017 18:41, DJ Delorie wrote:
> 
> I'm OK with the patch in theory, but...
> 
> unlink() is called from seven places; you have patched two.  Are the
> other five open to this bug?  Perhaps it would be better to add another
> parameter to the unlink() macro to centralize this check and enforce it
> everywhere?
> 
> I wonder if we should add a "size_is_sane()" macro to check for
> unreasonable sizes before we use them to compute pointers.
> 
> Also, your mailer is corrupting your patch; I had to apply it by hand to
> review it.  It's wrapping lines and using 0xa0 spaces instead of 0x20.
> Attaching it as inline-text might help, instead of just pasting it into
> the body.
> 

Also use __glibc_{un}likely instead of __builtin_expect.
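The review above asks for a single, centralized check in unlink() so that every caller validates a chunk's size before using it to compute pointers. The following is an added example written for this archive page; it is not glibc's malloc code, and the chunk layout, the `toy_` names, the constants and the arena are all hypothetical. It models a boundary-tag allocator whose unlink-time check first validates the size field's range and alignment (the `size_is_sane()` idea from the review) and then cross-checks the size against the next chunk's `prev_size`, which is the kind of invariant that catches a size shrunk by a single stray NUL byte even when the shrunk value still looks well-formed on its own. `toy_unlikely` stands in for `__glibc_unlikely`, glibc's wrapper around `__builtin_expect` that the reply recommends.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical allocator parameters (not glibc's). */
#define TOY_ALIGN     16u
#define TOY_MIN_SIZE  32u
#define TOY_MAX_SIZE  ((size_t) 1 << 20)

/* Stand-in for __glibc_unlikely, which wraps __builtin_expect. */
#define toy_unlikely(x) __builtin_expect (!!(x), 0)

/* Classic boundary-tag chunk header: prev_size mirrors the previous
   chunk's size while that chunk is free. */
struct toy_chunk
{
  size_t prev_size;
  size_t size;
  struct toy_chunk *fd;   /* free-list links */
  struct toy_chunk *bk;
};

enum toy_result { TOY_OK = 0, TOY_BAD_SIZE = 1, TOY_SIZE_MISMATCH = 2, TOY_BAD_LINKS = 3 };

/* Constructed arena standing in for the heap. */
static unsigned char toy_arena[1024] __attribute__ ((aligned (16)));

/* size_is_sane(): reject sizes the allocator could never have written. */
static inline int
toy_size_is_sane (size_t sz)
{
  return sz >= TOY_MIN_SIZE && sz <= TOY_MAX_SIZE && (sz & (TOY_ALIGN - 1)) == 0;
}

static inline struct toy_chunk *
toy_next_chunk (struct toy_chunk *p)
{
  return (struct toy_chunk *) ((char *) p + p->size);
}

/* Every check done once, here, so all unlink call sites share it. The
   size is validated before any pointer is derived from it. */
static enum toy_result
toy_unlink_check (struct toy_chunk *p)
{
  if (toy_unlikely (!toy_size_is_sane (p->size)))
    return TOY_BAD_SIZE;
  /* The next header must lie inside the arena before we read it. */
  if (toy_unlikely ((char *) p + p->size + sizeof (struct toy_chunk)
                    > (char *) toy_arena + sizeof toy_arena))
    return TOY_BAD_SIZE;
  /* A chunk's size must agree with its neighbour's boundary tag. */
  if (toy_unlikely (p->size != toy_next_chunk (p)->prev_size))
    return TOY_SIZE_MISMATCH;
  /* Standard doubly-linked-list consistency check. */
  if (toy_unlikely (p->fd->bk != p || p->bk->fd != p))
    return TOY_BAD_LINKS;
  return TOY_OK;
}

/* Lay out two adjacent free chunks A and B in the constructed arena and
   link them into a two-element circular free list. Returns A. */
static struct toy_chunk *
toy_setup (void)
{
  memset (toy_arena, 0, sizeof toy_arena);
  struct toy_chunk *a = (struct toy_chunk *) toy_arena;
  a->size = 0x110;                    /* 272 bytes, aligned */
  struct toy_chunk *b = toy_next_chunk (a);
  b->prev_size = a->size;             /* boundary tag mirrors A's size */
  b->size = 0x40;
  a->fd = a->bk = b;
  b->fd = b->bk = a;
  return a;
}

/* Untouched layout passes. */
int
toy_demo_clean (void)
{
  return toy_unlink_check (toy_setup ());
}

/* Constructed corruption: the low byte of A's size is cleared, as one NUL
   byte written past the end of the preceding allocation would do. The
   result 0x100 is still aligned and in range, so only the prev_size
   cross-check notices. */
int
toy_demo_poisoned (void)
{
  struct toy_chunk *a = toy_setup ();
  a->size &= ~(size_t) 0xff;
  return toy_unlink_check (a);
}

/* Constructed corruption: a misaligned size fails the sanity check
   before any pointer is computed from it. */
int
toy_demo_misaligned (void)
{
  struct toy_chunk *a = toy_setup ();
  a->size = 0x107;
  return toy_unlink_check (a);
}

/* Constructed corruption: a broken back link fails the list check. */
int
toy_demo_badlinks (void)
{
  struct toy_chunk *a = toy_setup ();
  a->fd->bk = a->fd;
  return toy_unlink_check (a);
}
```

Because the checks live in one function, adding a call site does not leave a path where a corrupted size reaches pointer arithmetic unchecked, which is the concern the review raises about the five unpatched unlink() sites.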

