This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: use-after-free / double-free exploit mitigation


On 09/06/2017 02:46 PM, up201407890@alunos.dcc.fc.up.pt wrote:
> What are your thoughts on adding a SAFE_FREE() macro to glibc:
> 
> #define SAFE_FREE(x) do { if((x) != 0x0) { free(x); (x) = (void *)0x1; } } while(0)
> 
> After free(x), we set x to an address that will crash when dereferenced
> (use-after-free), and will also crash when it's an argument to free().
> Note that NULL isn't used, because free(NULL) does nothing, which might
> hide potential double-free bugs.

Maybe GCC should optionally do this for the actual call to free.  There
is some debate to what extent pointer *values* remain valid after free.
Martin Sebor may have some thought on that.

In any case, some GCC assistance is needed so that

  free (some_struct->ptr);
  free (some_struct);

actually clobbers some_struct->ptr.  I don't think we want to call out
to explicit_bzero here.

Thanks,
Florian

